Interior Page Icon

Key Concepts & Terms

Cyber resiliency is the extent to which a nation, organization, or mission is able to withstand and rapidly recover from deliberate attacks, accidents, or naturally occurring threats to its critical cyber resources. Cyber resiliency is quickly emerging as a key component in any effective defense strategy. While cyber security is focused on keeping adversaries out, cyber resiliency is based on the assumption that an advanced adversary is not easily thwarted. Should the ongoing stresses of a persistent threat result in a successful attack, organizations must ensure that their essential functions can continue despite these adverse conditions.

Cyber security is designed to ensure that the objectives of confidentiality, integrity, availability, and accountability are achieved at acceptable levels. Cyber resiliency assumes that good cyber security practices are already in place - and then builds on them. Because cyber security functions, such as user identification and authentication, are prerequisites to other functionality, cyber resiliency techniques are particularly important to the architecture, design, and implementation of these functions.

Cyber Resiliency Activities

To be more resilient, organizations should engage in six key activities to prepare and plan for the inevitability of a cyber attack and six key activities to recover from a cyber attack once it has been detected.

Planning and Preparation Activities

Recovery and Reconstitution Activities

Cyber Resiliency Engineering Framework

The Cyber Resiliency Engineering Aid includes the updated Cyber Resiliency Engineering Framework that will help your organization determine its resiliency goals and objectives and identify implementation approaches for achieving them.

Goals

Objectives

Cyber Reiliency Techniques

Each of the Prepare and Plan and Recover and Reconstitute activities leverages a combination of techniques to maximize resiliency.