Resilience
NIST defines resilience as, "the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruption. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents."
Why Is Resilience A Term GRC Professionals Should Be Familiar With?
Resilience is part of a "three-legged stool" concept, where a cybersecurity function needs to have three key capabilities to remain stable and support the organization's business needs:
- Security Leg. The appropriate controls are in place to protect the system/initiative/organization from reasonable risks and threats.
- Compliance Leg. Reasonable evidence of due diligence and due care exists to demonstrate compliance with applicable laws, regulations and contractual obligations.
- Resilience Leg. The organization is capable of withstanding and recovering from reasonable cybersecurity incidents.
There is a military saying that, "The more you sweat in peace, the less you bleed in war," and it applies directly to the concept of resilience. If an organization invests the time and effort to ensure resilience (i.e., sweats in peace), then the effort required to recover from accidental or deliberate incidents will be minimal (i.e., it bleeds less in war). This goes far beyond planning and involves addressing the full spectrum of People, Processes, Technologies, Data and Facilities (PPTDF) to create a holistic approach to resilient operations.
Resilience Spans Incident Response, Disaster Recovery and Business Continuity Plans
At the time of an incident or suspected incident, those responding generally do not know the magnitude or the duration of any disruption to business operations. This "fog of war" can be reduced to a degree by developing Indicators of Compromise (IoCs) that are specific to the organization and that can better guide responders down the right path for incident response operations. Those incident response operations may lead to Disaster Recovery (DR) operations, which in turn may lead to longer-term Business Continuity (BC) operations.
Resilience focuses on minimizing DR/BC operations by having the capabilities in place to adapt and to respond and recover quickly, but doing that properly requires significant preparation.
Reactive vs Proactive Cybersecurity Capabilities
Fundamentally, resilience is an operational mindset of being proactive rather than reactive. An incident (the "boom" event) is the trigger that sets IR and DR/BC operations in motion; preparation before that trigger is "left of boom" and response after it is "right of boom":
Reactive Cybersecurity Operations
In reactive cybersecurity operations, minimal PPTDF preparation leaves a weak or non-existent resilience capability, so "right of boom" incident response requires significant time and resources to restore Business As Usual (BAU) operations.
Proactive Cybersecurity Operations
In proactive cybersecurity operations, significant PPTDF preparation "left of boom" creates a resilience capability where "right of boom" incident response and recovery effort is minimal: