Cyber Resiliency is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.[1] In essence, it is the effectiveness of an entity's cybersecurity. Cyber resiliency differs from Cybersecurity in that it emphasizes the need to minimize mission impacts rather than the need to minimize losses of information, information systems, or other assets. Cyber resiliency differs from other concerns of resilience in that it focused on adversarial disruptions.[2]

Metrics

There are two different approaches to measuring cybersecurity effectiveness: Dashboards and benchmarking.

Dashboards

Dashboards visualize and make assessable metrics quantified in terms of cost, risk level, and time. Key Performance Indicators (KPIs):[3]

  1. Mean-Time-to-Detect and Mean-Time-to-Respond
  2. Number of systems with known vulnerabilities
  3. Number of incorrectly configured SSL certificates
  4. Volume of data transferred using the corporate network
  5. Number of users with “super user” access level
  6. Number of days to deactivate former employee credentials
  7. Number of communication ports open during a period of time
  8. Frequency of review of third party accesses
  9. Frequency of third-party accesses to critical enterprise systems
  10. Percentage of business partners with effective cybersecurity policies

Benchmarking

Benchmarking refers to the gathering of data from similar organizations for comparison with one's own organization’s cybersecurity measures.[4] They compare their metrics with others, focusing in particular on:[5]

  1. Speed: how fast entities can detect a security breach, mobilize a response, and return to business as normal
  2. Resiliency: the number of systems that were compromised or stopped and for how long
  3. Accuracy: how well they pinpointed cyber incidents
  4. Impact: How long attacks last, how much disruption, and how high the costs are for an organization
  5. Automation: How much reliance on humans/how automated is the detection/stopping of attacks
  6. Data Privacy Regulation: How many violations and how many fines
  7. Collaboration: How often and how well does the entity work with law enforcement or other security sectors

Challenges

References