Approach to Cyber Resilience

Securing systems and information in cyberspace is a real challenge. It is widely accepted that protection measures can only go so far, and that a security breach will eventually happen. When it does, all concerned will be judged on their handling of such an incident.

Simple incidents are relatively easy to handle for trained cybersecurity staff. But when cyber-attacks take on a larger scope and have the potential to create a crisis, preparedness is the only solution for limiting damage and recovering promptly; in other words, to having cyber resilience.

And preparedness requires exercising for scenarios of concern.

Focusing on the Human Angle

The functions “Identify, Protect, Detect, Respond, and Recover” are commonly used by governments and private industry as a simple yet complete model for cybersecurity. 

However, these functions are heavily dependent on human behaviour, not just traditional security technologies. Cyber exercises are the best way to improve the human aspect of these critical functions. 

For large organizations and governments, the need goes well beyond individual and collective training. Customized and realistic cyber exercises are essential to achieving preparedness and ultimately cyber resilience, based on a well-governed education, training, exercise, and evaluation program.

Detect Protect Identify Recover Respond