Vol 3 No 1 (2020): Special issue on cyber-security of critical infrastructure

Improving Cyber Security with Resilience

Dejan Škanata
University of Applied Sciences Velika Gorica
Published November 17, 2020
  • Cyber security
  • cyber resilience
  • risk assessment and management
  • resilience engineering
How to Cite
Škanata, D. (2020). Improving Cyber Security with Resilience. Annals of Disaster Risk Sciences, 3(1). Retrieved from https://ojs.vvg.hr/index.php/adrs/article/view/43


Cyber security is commonly defined as the practice of protecting computers, networks, programs and data from unauthorized access or malicious attacks aimed at exploitation. Hence, cyber security is focused primarily on preventing malicious activities and protecting against their occurrence. Prevention and protection objectives have usually been achieved by applying traditional risk assessment and management procedures. Despite these efforts, it has been shown that complete security of IT systems and data is almost impossible to achieve. Namely, with the increasing number and variety of cyber threats, cyber incidents are becoming inevitable. Thus, even strong cyber security is no longer enough. Organizations therefore need to build cyber resilience, which mainly deals with system response and recovery after a disruptive event occurs. Cyber security combined with cyber resilience opens a new perspective towards better overall security of IT systems.

