Jump to content

Cyber Resiliency: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Jessica (talk | contribs)
No edit summary
Line 1: Line 1:
'''Cyber Resiliency''' is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE]</ref> In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from [[Cybersecurity]] in that it emphasizes the need to minimize ''mission impacts'' rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of [[SSR|resilience]] in that it focused on ''adversarial'' disruptions.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE, pg. 17]</ref>  
'''Cyber Resiliency''' is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE]</ref> In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from [[Cybersecurity]] in that it emphasizes the need to minimize ''mission impacts'' rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of [[SSR|resilience]] in that it focused on ''adversarial'' disruptions.<ref>[https://www.mitre.org/sites/default/files/publications/pr-18-2579-cyber-resiliency-metrics-measures-of-effectiveness-and-scoring.pdf Cyber Resiliency Metrics, MITRE, pg. 17]</ref>  
==Standards==
* Security of Information (ISO 27001)<ref>[https://www.itgovernance.co.uk/iso27001 ISO 27001, IT Goverance]</ref>
* Business Continuity (ISO 22301)


==Metrics==
==Metrics==

Revision as of 14:44, 9 August 2021

Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.[1] In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from Cybersecurity in that it emphasizes the need to minimize mission impacts rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of resilience in that it focused on adversarial disruptions.[2]

Standards[edit | edit source]

  • Security of Information (ISO 27001)[3]
  • Business Continuity (ISO 22301)

Metrics[edit | edit source]

There are two different approaches to measuring cybersecurity effectiveness: Dashboards and benchmarking.

Dashboards[edit | edit source]

Dashboards visualize and make assessable metrics quantified in terms of cost, risk level, and time. Key Performance Indicators (KPIs):[4]

  1. Mean-Time-to-Detect and Mean-Time-to-Respond
  2. Number of systems with known vulnerabilities
  3. Number of incorrectly configured SSL certificates
  4. Volume of data transferred using the corporate network
  5. Number of users with “super user” access level
  6. Number of days to deactivate former employee credentials
  7. Number of communication ports open during a period of time
  8. Frequency of review of third party accesses
  9. Frequency of third-party accesses to critical enterprise systems
  10. Percentage of business partners with effective cybersecurity policies

Benchmarking[edit | edit source]

Benchmarking refers to the gathering of data from similar organizations for comparison with one's own organization’s cybersecurity measures.[5] They compare their metrics with others, focusing in particular on:[6]

  1. Speed: how fast entities can detect a security breach, mobilize a response, and return to business as normal
  2. Resiliency: the number of systems that were compromised or stopped and for how long
  3. Accuracy: how well they pinpointed cyber incidents
  4. Impact: How long attacks last, how much disruption, and how high the costs are for an organization
  5. Automation: How much reliance on humans/how automated is the detection/stopping of attacks
  6. Data Privacy Regulation: How many violations and how many fines
  7. Collaboration: How often and how well does the entity work with law enforcement or other security sectors

Challenges[edit | edit source]

References[edit | edit source]