Improving Cyber Security with Resilience

  • Dejan Škanata, University of Applied Sciences Velika Gorica
Keywords: Cyber security, cyber resilience, risk assessment and management, resilience engineering


Cyber security is commonly defined as the practice of protecting computers, networks, programs and data from unauthorized access or malicious attacks aimed at exploitation. Hence, cyber security focuses primarily on preventing malicious activities and protecting against their occurrence. Prevention and protection objectives have usually been achieved by applying traditional risk assessment and management procedures. Despite these efforts, it has been shown that complete security of IT systems and data is almost impossible to achieve. Namely, as the number and types of cyber threats increase, cyber incidents are becoming inevitable. Thus, even strong cyber security is no longer enough. Because of that, organizations need to build cyber resilience, which mainly deals with system response and recovery after a disruptive event occurs. Cyber security combined with cyber resilience opens a new perspective towards better overall security of IT systems.



How to Cite
Škanata, D. (2020). Improving Cyber Security with Resilience. Annals of Disaster Risk Sciences, 3(1).