Difference between revisions of "Cyber Resiliency"
(Created page with "'''Cyber Resiliency''' is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.<ref>[https...") |
|||
| Line 1: | Line 1: | ||
| − | '''Cyber Resiliency''' is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE]</ref> | + | '''Cyber Resiliency''' is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE]</ref> In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from [[Cybersecurity]] in that it emphasizes the need to minimize ''mission impacts'' rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of [[SSR|resilience]] in that it focused on ''adversarial'' disruptions.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE, pg. 17]</ref> |
| + | |||
| + | ==Metrics== | ||
| + | There are two different approaches to measuring cybersecurity effectiveness: Dashboards and benchmarking. Dashboards: visualize and make assessable metrics quantified in terms of cost, risk level, and time. Benchmarking: gathers data from similar organizations for comparison with one's own organization’s cybersecurity measures.<ref>[https://www.logsign.com/blog/what-are-cyber-security-measures-of-effectiveness/ Cybersecurity effectiveness measures, Logsign]</ref> | ||
| + | ==Challenges== | ||
==References== | ==References== | ||
[[Category:Concepts]] | [[Category:Concepts]] | ||
Revision as of 15:24, 6 August 2021
Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.[1] In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from Cybersecurity in that it emphasizes the need to minimize mission impacts rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of resilience in that it focused on adversarial disruptions.[2]
Metrics
There are two different approaches to measuring cybersecurity effectiveness: Dashboards and benchmarking. Dashboards: visualize and make assessable metrics quantified in terms of cost, risk level, and time. Benchmarking: gathers data from similar organizations for comparison with one's own organization’s cybersecurity measures.[3]