Cyber Security as a Matter of Resilience

(September 22, 2014) Experts say that the cyber security conversation is better served by focusing on resilience rather than on prevention. Adm. Michael Rogers, NSA Director and commander of US Cyber Command, said that the question is "How, in the midst of degradation and penetration, can we still have confidence in the systems?"

http://www.federaltimes.com/article/20140922/CYBER/309220008/IT-security-shifts-from-prevention-resiliency

[Editor's Note (Weatherford): This is the new theme for cybersecurity - the ability to continue fighting when you're hurt is the differentiator between a successful security organization and the one picking up the pieces after an incident and wondering what happened.

(Murray): I have liked this idea since I first heard it three years ago.

That said, resilience of the whole is improved by the "prevention" of the parts.

(Honan): Focusing on resilience provides an added advantage as it requires a shift from thinking about cyber security in pure technical terms into what does the business need in order to survive an incident?

This approach brings the whole topic of cyber security to the board and senior management as they have to determine what is important from a business perspective for the organisation to survive a security incident.]

Peter Davis from a SANS posting