Abstract
Cyber resilience can help companies thrive despite today's adverse cyber threat environment. This discipline adds to cybersecurity the mindset of preparing for the unexpected and prioritizing business continuity over simply protecting systems and assets. However, operationalizing cyber resilience requires knowledge of, and investment in, its multiple domains and policies. Moreover, the only aids companies have for operationalizing cyber resilience are frameworks that list the domains and policies but do not guide them on an effective order in which to implement them. These aids often require companies to select the set of policies that suits them and decide the order of implementation on their own. This selection process requires resources for acquiring the necessary knowledge, on top of the resources for implementing the policies. Since most companies have limited resources, and in order to minimize the investment required for cyber resilience operationalization, this study proposes an implementation order for cyber resilience policies based on the current literature and iterative evaluation by six experts. This implementation order could potentially help companies operationalize cyber resilience effectively and diminish the investment needed to do so.
Acknowledgements
The authors thank the support from the Basque Government project ELKARTEK 2018 KK-2018/00076 and project ELKARTEK 2019 KK-2019/00072.
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Carias, J.F., Borges, M.R.S., Labaka, L., Arrizabalaga, S., Hernantes, J. (2021). The Order of the Factors DOES Alter the Product: Cyber Resilience Policies’ Implementation Order. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds) 13th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2020). CISIS 2019. Advances in Intelligent Systems and Computing, vol 1267. Springer, Cham. https://doi.org/10.1007/978-3-030-57805-3_29
DOI: https://doi.org/10.1007/978-3-030-57805-3_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57804-6
Online ISBN: 978-3-030-57805-3
eBook Packages: Intelligent Technologies and Robotics (R0)