No enterprise will ever be 100% secure; there are simply too many threats. This article presents seven practical steps to achieving cyber resilience. Cyber resilience is not a traditional defensive stance. It requires a change in the way organizations approach the security of their information and communication technology (ICT) asset base. Cyber resilience is built into the "bones" of the organization and requires it to develop a well-defined, explicit architecture of controls. Those controls are meant to give demonstrable protection of critical ICT assets, and of their interdependencies, against every form of electronic, human and physical threat, whether it originates inside or outside the enterprise's ecosystem. Cyber-resilient architectures make attacks less likely to succeed, minimize the consequences when they do, increase the work factor and uncertainty for the adversary, and may deter future attacks. Cyber resilience is maintained as an organizational condition rather than as a deployed set of point countermeasures, which in turn requires that a robust set of concrete controls be embedded in the enterprise architecture. Effective implementation of a cyber-resilient enterprise architecture requires strategic vision. It also requires day-to-day engagement across the enterprise to ensure that the controls that enable cyber resilience remain effective.