A paper on the relationship between Digital Resilience and Cyber-Security
Digital Resilience (DR) has become more important as our typical usage of digital systems has changed. The increased interconnection of systems to provide the same functionality compared to the previous monolithic systems architectures, made digital systems more complex.
Because of these evolutions, IT technology deepened and widened its impact on strategic, tactical and operational company processes. It also meant that traditional rigid approaches to cybersecurity are not sufficient anymore.
Traditionally companies approached DR in a fragmented and limited way with respect to the domain, the location and the scope. The domain of DR was restricted to the technical aspects of security and the direct effects on the organization of the break-down of these technologies. There was limited attention to the indirect impacts on the organization, although these might have a bigger strategic value e.g. reputation damage and client trust reduction.
|Cyber Security||Digital Resilience|
|1. Disaster recovery – Retro-active – Continuous improvement |
2. External regulatory risk driven
3. Manual detection and recovery processes
4. Disaster triggered discovery
5. Legacy static monitoring
6. Internal knowledge bases for incident handling
|1. Threat prevention – Pro-active – Continuous innovation |
2. Internal customer expectation driven
3. Automated detection and recovery processes
4. Anomaly identification discovery
5. SMART system’s monitoring
6. Internal and external knowledge bases for incident handling
In this paper:
First a traditional framework, i.e. the Cyber Resilience and Response model (CRR) from the Department of Homeland Security, will be looked into to explain some basic principles. Next the Business Continuity Management (BCM) framework will be used to highlight the core practices i.e. the cyber security framework from the National Institute of Standard and Technology (NIST). Finally, some additional practices that extend this framework to something more useful and adapted in the realm of DR, will be covered.
Recommended reading on the topic:
Digital Resilience: Is Your Company Ready for the Next Cyber Threat? by Ray A. Rothrock