Access and Feeds

Cybersecurity and Cyber-resiliency: Proactive and Reactive Planning

By Dick Weisinger

Cybersecurity and cyber-resilience. What’s the difference?

Cybersecurity is about protecting computer infrastructure from hacking and damage. It is all about prevention and is often enforced with strong authentication, encryption, layered security, and the securing of applications.

Cyber-resiliency is the management of the recovery process should security protections fail. It is about business continuity, system redundancy, developing a strategy to react to attacks, and the cleanup and restoration of operations after a breach.

Cybersecurity is proactive, while cyber-resiliency involves preparation for the inevitable failure and is reactive.

Many organizations emphasize cybersecurity, not cyber-resilience. The assumption might be that with good cybersecurity there may be little need for a cyber-resilience response.

Matt Torrens, the COO at Sprout IT, said that “to protect businesses from cyber threats, we must first be able to recognize risks (combining threats and vulnerabilities) and go on to define solutions to help manage those risks. Response and recovery plans may then take many different forms but should always have the aim of enabling the organization to rally with minimal financial or reputational damage. When it comes to cyber security, in general, organizations across all sectors still tend to emphasize protection over response and recovery. While in the last few years, cyber insurance has become more commonplace, many organizations have still not considered how they would respond to a major attack at all.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

16 − eleven =