Appendix E: Cyber Resilience Framework by NIST
As already outlined in Chapter 5, Appendix E is for further reading and guidance on cyber resilience. A robust cyber resilience strategy empowers executives to foresee a compromise and decide what is and is not a priority. A governance structure, complete with policies and processes, may be integrated into business strategy. The key is always to have an organization-specific cyber resilience framework regularly evaluated to ensure that it remains relevant in the face of emerging challenges. Below are the two chapters of NIST SP 800-160 Vol. by the U.S. Department of Homeland Security 2.
CHAPTER TWO
The Fundamentals
Understanding the Concepts Associated with Cyber Resiliency
This section presents an engineering framework for understanding and applying cyber resiliency, the cyber resiliency constructs that are part of the framework, a concept of use for the framework, and engineering considerations for implementing cyber resiliency in the system life cycle. The discussion relies on several terms including cyber resiliency concepts and constructs, engineering practices, and solutions.
Cyber resiliency concepts are related to the problem domain and the solution set for cyber resiliency. The concepts are represented in cyber resiliency risk models and by cyber resiliency constructs. The constructs are the basic elements (i.e., building blocks) of the cyber resiliency engineering framework and include goals, objectives, techniques, ...