An interesting paper, What Good Cyber Resilience Looks Like (behind paywal).
I have heard many conversations indicating that compliance is not security. This is evidenced by the massive number of data breaches that we see commonly reported in the media today. However the second part of that conversation usually leads towards technology solutions in place of compliance. This is not the answer either.
This paper describes the basic idea behind cyber resilience and describes it as the following basic concepts:
1. Know your mission. Cyber resilience isn’t just about incident response, it is about keeping business running despite what ever cyber incident is occurring. Each business needs to describe what that looks like for them
2. Cyber is everything. Integrate cyber throughout the organisation. It isn’t just the responsibility of the security practitioners employed by the organisation but something that every business function needs to address
3. People. Invest in your people. Train them and keep them. Technology will be useless without them
All very self evident ideas, but ideas that often get lost in the conversation around cyber in general.
https://www.researchgate.net/publication/282081616_What_good_cyber_resilience_looks_like