Cyberworthiness
   HOME

TheInfoList



Click Here for Items Related To - Cyberworthiness
OR:
Cyberworthiness on:   [Wikipedia]   [Google]   [Amazon]

Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite cyber attacks. Resilience to cyber attacks is essential to IT systems, critical infrastructure, business processes, organizations, societies, and nation-states. A related term is cyberworthiness, which is an assessment of the resilience of a system from cyber attacks. It can be applied to a range of software and hardware elements (such as standalone software, code deployed on an internet site, the browser itself, military mission systems, commercial equipment, or IoT devices). Adverse cyber events are those that negatively impact the availability, integrity, or confidentiality of networked IT systems and associated information and services. These events may be intentional (e.g.
cyber attack A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content. The rising dependence on increasingly complex and inte ...
) or unintentional (e.g. failed software update) and caused by humans, nature, or a combination thereof. Unlike
cyber security Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...
, which is designed to protect systems, networks and data from cyber crimes, cyber resilience is designed to prevent systems and networks from being derailed in the event that security is compromised. Cyber security is effective without compromising the usability of systems and there is a robust continuity business plan to resume operations, if the cyber attack is successful. Cyber resilience helps businesses to recognize that hackers have the advantage of innovative tools, element of surprise, target and can be successful in their attempt. This concept helps business to prepare, prevent, respond and successfully recover to the intended secure state. This is a cultural shift as the organization sees security as a full-time job and embedded security best practices in day-to-day operations. In comparison to cyber security, cyber resilience requires the business to think differently and be more agile on handling attacks. The objective of cyber resilience is to maintain the entity's ability to deliver the intended outcome continuously at all times. This means doing so even when regular delivery mechanisms have failed, such as during a crisis or after a security breach. The concept also includes the ability to restore or recover regular delivery mechanisms after such events, as well as the ability to continuously change or modify these delivery mechanisms, if needed in the face of new risks.
Backup In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event. The verb form, referring to the process of doing so, is "wikt:back ...
s and
disaster recovery IT disaster recovery (also, simply disaster recovery (DR)) is the process of maintaining or reestablishing vital infrastructure and systems following a natural or human-induced disaster, such as a storm or battle. DR employs policies, tools, ...
operations are part of the process of restoring delivery mechanisms.


Frameworks

Resilience, as defined by Presidential Policy Directive PPD-21, is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Cyber resilience focuses on the preventative, detective, and reactive controls in an information technology environment to assess gaps and drive enhancements to the overall security posture of the entity. The Cyber Resilience Review (CRR) is one framework for the assessment of an entity's resiliency created by the
Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior, home, or public security ministries in other countries. Its missions invol ...
. Another framework created by
Symantec Symantec may refer to: * Gen Digital, an American consumer software company formerly known as Symantec * Symantec Security, a brand of enterprise security software purchased by Broadcom Broadcom Inc. is an American multinational corporation, ...
is based on 5 pillars: Prepare/Identify, Protect, Detect, Respond, and Recover. The
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
's Special Publication 800-160 Volume 2 Rev. 1 offers a framework for engineering secure and reliable systems—treating adverse cyber events as both resiliency and security issues. In particular 800-160 identifies fourteen techniques that can be used to improve resiliency:


See also

*
Critical infrastructure protection In the U.S., critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or the nation. The American Presidential directive PDD-63 o ...
*
Decentralization Decentralization or decentralisation is the process by which the activities of an organization, particularly those related to planning and decision-making, are distributed or delegated away from a central, authoritative location or group and gi ...
*
Internet censorship Internet censorship is the legal control or suppression of what can be accessed, published, or viewed on the Internet. Censorship is most often applied to specific internet domains (such as ''Wikipedia.org'', for example) but exceptionally may ...
*
Peer-to-peer Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of Node ...
*
Proactive cyber defense Proactive cyber defense means acting in anticipation to oppose an attack through cyber and cognitive domains. Proactive cyber defense can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or d ...
*
Resilience (organizational) Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning (or business continuity ...
* Operational Collaboration *
Airworthiness In aviation, airworthiness is the measure of an aircraft's suitability for Air safety, safe flight. Initial airworthiness is demonstrated by a certificate of airworthiness issued by the civil aviation authority in the state in which the aircraft ...
*
Crashworthiness Crashworthiness is the ability of a structure to protect its occupants during an impact. This is commonly tested when investigating the safety of aircraft and vehicles. Different criteria are used to figure out how safe a structure is in a crash, ...
*
Roadworthiness Roadworthiness or streetworthiness is a property or ability of a car, bus, truck or any kind of automobile to be in a suitable operating condition or meeting acceptable standards for safe driving and transport of people, baggage or cargo in roads ...
*
Railworthiness RailworthinessRegistered Unit Standard: Man ...
*
Seaworthiness Seakeeping ability or seaworthiness is a measure of how well-suited a watercraft is to conditions when underway. A ship or boat which has good seakeeping ability is said to be very seaworthy and is able to operate effectively even in high sea sta ...
*
Spaceworthiness Spaceworthiness, or aerospaceworthiness, is a property, or ability of a spacecraft to perform to its design objectives and Flight dynamics (spacecraft), navigate successfully through both the outer space, space environment and the atmosphere as a ...


References

{{Reflist Computer security procedures IT infrastructure Cyberwarfare Security National security Business continuity Disaster preparedness Computing terminology