Difference between revisions of "Cyber Resilience"

From CIPedia
(See also)
(48 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
<!--=== European Definitions ===-->
+
=== European Definitions ===
 +
==== [[ECA]] ====
 +
{{definition|Cyber resilience: The ability to prevent, prepare for, withstand and recover from [[Cyber Attack|cyberattacks]] and incidents. <ref name="ECA">[https://www.eca.europa.eu/Lists/ECADocuments/BRP_CYBERSECURITY/BRP_CYBERSECURITY_EN.pdf European Court of Auditors, Challenges to effective EU cybersecurity policy, Briefing Paper, March 2019]</ref><br/><br/>[BG] Киберустойчивост: Способността за предотвратяване, подготовка, устояване и възстановяване от кибератаки и инциденти.<br/><br/>[CS] Kybernetická odolnost: Schopnost kybernetickým útokům a bezpečnostním incidentům zabránit, připravit se na ně, odolat jim a zotavit se z nich.<br/><br/>[DK] Cyberrobusthed: Evnen til at forhindre, forberede sig på, modstå og komme sig over cyberangreb og -hændelser.<br/><br/>[DE] Cyber-Resilienz: Die Fähigkeit, Cyberangriffe und Vorfälle zu verhindern, sich darauf vorzubereiten, ihnen standzuhalten und sich davon zu erholen. <br/><br/>[ES] Ciberresiliencia: Capacidad de prevenir los ciberataques e incidentes, de prepararse para los mismos, de resistir y de recuperarse ante estos.<br/><br/>[NE] Cyberweerbaarheid: Het vermogen om cyberaanvallen en -incidenten te voorkomen, erop voorbereid te zijn, ze te weerstaan en ervan te herstellen.}}<br/>
 +
 
 
=== National definitions ===
 
=== National definitions ===
 +
==== [[Costa Rica]] ====
 +
{{definition|Ciber-resiliencia / Resiliencia cibernética (Cyber resilience): Habilidad de prepararse para, adaptarse, soportar, y rápidamente recuperarse de interrupciones resultantes de ataques deliberados, amenazas o incidentes accidentales u ocurridos naturalmente.  <ref name=CR>[https://micit.go.cr/images/imagenes_noticias/10-11-2017__Ciberseguridad/Estrategia-Nacional-de-Ciberseguridad-de-Costa-Rica-11-10-17.pdf Estrategia Nacional de Ciberseguridad de Costa Rica (2017)]</ref>}}Sinónimo o equivalente a ciberresiliencia.<br/><br/>
 +
 +
==== [[France]] ====
 +
{{definition|Resilience In the field of computing, the ability of an information system to withstand a breakdown or cyberattack and return to its initial operating state after the incident. <ref>[http://www.ssi.gouv.fr/uploads/IMG/pdf/2011-02-15_Information_system_defence_and_security_-_France_s_strategy.pdf Information systems defence and security: France's Strategy]</ref><br/><br/>Resilience En informatique, capacité d’un système d’information à résister à une panne ou à une cyberattaque et à revenir à son état initialaprès l’incident. <ref>[http://www.ssi.gouv.fr/uploads/IMG/pdf/2011-02-15_Defense_et_securite_des_systemes_d_information_strategie_de_la_France.pdf La Stratégie de la France en matière de défense et de sécurité des systèmes d’information (2011)]</ref>}}
 +
<br />
 +
==== [[Indonesia]] ====
 +
{{definition|Cyber resilience: Terselenggaranya [[Critical Information Infrastructure|infrastruktur informasi kritikal nasional]]. <ref>[http://www.dephub.go.id/public/files/uploads/posts/posts/postbody/strategi_cs_nasional_desember2016.pdf Indonesia National Cyber Security Strategy development (presentation), 2016]</ref>}}Dengan pendekatan ini maka [[Critical Information Infrastructure|infrastruktur informasi kritis]] ini harus tahan terhadap [[Threat|ancaman]], dan tetap dapat beroperasi untuk melayani publik walaupun terjadi ataupun [[Damage|kerusakan]] sebagian.<br /><br/>
 +
==== [[Jordan]] ====
 +
{{definition|Cyber Resilience: The overall ability of systems and organisations to withstand cyber events and, where harm is caused, recover from them.  <ref> [http://moict.gov.jo/uploads/studies/National%20Cyber%20Security%20Strategy%202018-2023.pdf National Cyber Security Strategy (2018-2023)]</ref>}}<br/><br/>
 +
 +
 
==== [[New Zealand]] ====
 
==== [[New Zealand]] ====
{{definition|Cyber Resilience involves detection, protection and recovery from cyber incidents. <ref>[http://www.dpmc.govt.nz/sites/all/files/publications/nz-cyber-security-strategy-december-2015.pdf New Zealand’s Cyber Security Strategy (2015)]</ref>}}  
+
{{definition|Cyber Resilience involves detection, protection and [[recovery]] from cyber [[incident|incidents]]. <ref>[http://www.dpmc.govt.nz/sites/all/files/publications/nz-cyber-security-strategy-december-2015.pdf New Zealand’s Cyber Security Strategy (2015)]</ref>}}<br/>
 +
====[[North Macedonia]]====
 +
{{definition|Сајбер отпорност - способноста да се подготви, да се прилагоди, издржи и брзо да закрепне од пореметувања што произлегуваат од намерни напади, несреќи или природни закани или инциденти во сајбер просторот. <ref>[http://www.mioa.gov.mk/sites/default/files/pbl_files/documents/strategies/ns_sajber_bezbednost_2018-2022.pdf НАЦИОНАЛНА СТРАТЕГИЈА ЗА САЈБЕР БЕЗБЕДНОСТ НА РЕПУБЛИКА МАКЕДОНИЈА 2018 -2022]</ref> <ref>[http://www.mioa.gov.mk/sites/default/files/pbl_files/documents/strategies/cyber_security_strategy_macedonia_2018-2022_-_eng.pdf National Cyber Security Strategy of the Republic of Macedonia (2018)]</ref>}}<br/><br/>
 +
==== [[Papua New Guinea]] ====
 +
{{definition|Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite adverse cyber events. It is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from  disruptions. Cyber resilience focuses on the preventative, detective, and reactive controls in an information technology environment to assess gaps and drive enhancements to the overall security posture of the entity.  <ref>[http://ict.gov.pg/wp-content/uploads/2020/docs/cybersecuritypolicy2020.pdf National Cyber Security Strategy (2020)]</ref>}}<br/><br/>
 +
 
 +
==== [[Qatar]] ====
 +
{{definition|Cyber resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions resulting from deliberate attacks, accidents, or naturally occurring [[threat|threats]] or [[incident|incidents]]. <ref>[http://www.ictqatar.qa/en/cyber-security/national-cyber-security-strategy QATAR National Cyber Security Strategy (May 2014)]</ref><br/><br/>المرونة  وهي القدرة ع ى الاستعداد والتكيف مع الظروف المتغ يرة والصمود والتعا في ´ بسرعة من الاضطرابات ال ت ي  تنتج عن الهجمات أو الحوادث المتعمدة أو تلك ال ت ي  قد تحدث أ لسباب طبيعية. <ref>[http://www.ictqatar.qa/ar/cyber-security/national-cyber-security-strategy الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014)]</ref>}}  
 
<br />
 
<br />
  
 
==== [[Romania]] ====
 
==== [[Romania]] ====
{{definition|Rezilienţa infrastructurilor cibernetice: capacitatea componentelor infrastructurilor cibernetice de a rezista unui incident sau atac cibernetic şi de a reveni la starea de normalitate. <br/><br/>Cyber ''infrastructure'' resilience the capacity of infrastructure components to withstand cyber attack or cyber incident and return to normality. <ref>[https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/StrategiaDeSecuritateCiberneticaARomaniei.pdf Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică]</ref>}}  
+
{{definition|Rezilienţa infrastructurilor cibernetice: capacitatea componentelor infrastructurilor cibernetice de a rezista unui incident sau atac cibernetic şi de a reveni la starea de normalitate. <br/><br/>Cyber ''infrastructure'' resilience the capacity of infrastructure components to withstand cyber attack or cyber incident and return to normality. <ref>[https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/StrategiaDeSecuritateCiberneticaARomaniei.pdf Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică]</ref>}}
 
<br />
 
<br />
 +
 +
====[[United Kingdom|United Kingdom (UK)]]====
 +
{{definition|Cyber resilience – the overall ability of systems and organisations to withstand cyber [[Event|events]] and, where harm is caused, recover from them. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/564268/national_cyber_security_strategy.pdf National Cyber Security Strategy 2016, HM Government]</ref>}}
 +
<br/>
 +
==== [[United States]]====
 +
=====[[NIST]]=====
 +
{{definition|''Information System Resilience'':  The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. (from: NIST SP 800-53 Rev 4) <ref name=NIST>[https://csrc.nist.gov/Glossary NIST Glossary]</ref>}}<br/>
  
 
=== Other Definitions ===
 
=== Other Definitions ===
 
====[[Scotland]]====
 
====[[Scotland]]====
{{definition|Cyber resilience is being able to prepare for, adapt to, withstand and rapidly recover and learn from disruptions from cyber criminality/attacks. <ref>[http://www.gov.scot/Publications/2015/06/5015/13 Scottish Government Consultation on proposal
+
{{definition|Cyber resilience is being able to prepare for, withstand, rapidly recover and learn from deliberate attacks or accidental events in the online world. <ref>[http://www.gov.scot/Resource/0048/00489206.pdf Scottish Government: Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland]</ref>}}
for a Cyber Resilience Strategy for Scotland]</ref>}}
 
 
To do this, people need to develop the skills, knowledge and understanding of the risk, in whatever setting they find themselves in, and then take the necessary steps to prepare for and respond to such events. <br />
 
To do this, people need to develop the skills, knowledge and understanding of the risk, in whatever setting they find themselves in, and then take the necessary steps to prepare for and respond to such events. <br />
 +
====[[Victoria]] (Australia) ====
 +
{{definition|Cyber resilience means having appropriate internal cyber [[capability]], strong governance and policy, strategic partnering, cyber situational awareness, ongoing cyber risk assessments (including understanding the [[Risk|risks]] and flow-on [[impact]] of a cyber breach), clear communication mechanisms, and a rapid cyber breach response capability. <ref>[http://www.enterprisesolutions.vic.gov.au/wp-content/uploads/2017/08/153-DPC-Cyber-Security-Strategy-12-%C6%92-web.pdf Cyber Security Strategy Victoria (2017)]</ref>}}<br />
 +
{{definition|Cyber resilience is the organisation’s capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace (ISF 2011). <ref>[https://www.enterprisesolutions.vic.gov.au/wp-content/uploads/2016/08/ICT-Network-and-Cyber-Security-Statement-of-Direction-20160817.pdf Network and Cyber Security Statement by Victorian government (2017)]</ref>}}<br />
 +
 
=== Other International Definitions ===
 
=== Other International Definitions ===
 
====Cyber Resilience.org====
 
====Cyber Resilience.org====
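Review bot: The Arabic text added in the Qatar definition has broken letter joins (stray spaces inside words and a stray "´"), which suggests it was pasted from a PDF; re-enter it from the source so it reads correctly. In the added France definition, "initialaprès" is missing a space, and in the ECA translations the labels "[DK]" and "[NE]" do not match the language codes for Danish (DA) and Dutch (NL).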
Line 20: Line 52:
 
====[[WEF|World Economic Forum]]====
 
====[[WEF|World Economic Forum]]====
 
{{definition|The ability of systems and organizations to withstand cyber [[event]]s, measured by the combination of mean time to failure and mean time to recovery. <ref>[http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf WEF Partnering for Cyber Resilience Guidelines 2012]</ref>}}<br />
 
{{definition|The ability of systems and organizations to withstand cyber [[event]]s, measured by the combination of mean time to failure and mean time to recovery. <ref>[http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf WEF Partnering for Cyber Resilience Guidelines 2012]</ref>}}<br />
<!--
 
=== National Definitions ===
 
===Standard Definition=== -->
 
  
 +
=== Academic Definitions ===
 +
Fredrik Björg et al. recently have published a paper on [http://dx.doi.org/10.1007/978-3-319-16486-1_31 Cyber Resilience - fundamentals for a definition].
 +
 +
=== [[Dictionary]]===
 +
{{definition|Cyberweerbaarheid: Weerbaarheid: het vermogen om (relevante) digitale risico’s tot een aanvaardbaar niveau te reduceren door middel van een verzameling van maatregelen om cyberincidenten te voorkomen en wanneer cyberincidenten zich hebben voorgedaan deze te ontdekken, schade te beperken en herstel eenvoudiger te maken  <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/>
 +
{{#set:defined by=Dictionary}}
 
==See also==
 
==See also==
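Review bot: In the added Academic Definitions line, "recently have published" is time-relative wording that will go stale; give the publication year and a full citation in a <ref>, as the other entries on the page do, instead of a bare inline external link. The added Dictionary definition is given only in Dutch and opens with two headwords ("Cyberweerbaarheid: Weerbaarheid:"), so an English rendering and a single headword would make it consistent with the other sections.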
  
Line 39: Line 74:
 
[[Category:Resilience]]
 
[[Category:Resilience]]
 
[[Category:Security]]
 
[[Category:Security]]
{{#set:defined by=Scotland|defined by=WEF|defined by=New Zealand|defined by=Romania}}
+
{{#set:defined by=ECA|defined by=Costa Rica|defined by=Scotland|defined by=WEF|defined by=France|defined by=Indonesia|defined by=Jordan|defined by=North Macedonia|defined by=New Zealand|defined by=Papua New Guinea|defined by=Romania|defined by=Qatar|defined by=United Kingdom|defined by=United States|defined by=NIST}}
 +
{{#set: Showmainpage=Yes}}
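Review bot: The replacement {{#set:defined by=...}} list has no entry for Victoria, although this revision adds a Victoria (Australia) section with two definitions; add "defined by=Victoria" if the property is meant to cover every defining body on the page. Sorting the values alphabetically would also make later omissions easier to spot.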

Revision as of 21:49, 19 February 2022

Definitions

European Definitions

ECA

Cyber resilience: The ability to prevent, prepare for, withstand and recover from cyberattacks and incidents. [1]

[BG] Киберустойчивост: Способността за предотвратяване, подготовка, устояване и възстановяване от кибератаки и инциденти.

[CS] Kybernetická odolnost: Schopnost kybernetickým útokům a bezpečnostním incidentům zabránit, připravit se na ně, odolat jim a zotavit se z nich.

[DK] Cyberrobusthed: Evnen til at forhindre, forberede sig på, modstå og komme sig over cyberangreb og -hændelser.

[DE] Cyber-Resilienz: Die Fähigkeit, Cyberangriffe und Vorfälle zu verhindern, sich darauf vorzubereiten, ihnen standzuhalten und sich davon zu erholen.

[ES] Ciberresiliencia: Capacidad de prevenir los ciberataques e incidentes, de prepararse para los mismos, de resistir y de recuperarse ante estos.

[NE] Cyberweerbaarheid: Het vermogen om cyberaanvallen en -incidenten te voorkomen, erop voorbereid te zijn, ze te weerstaan en ervan te herstellen.


National definitions

Costa Rica

Ciber-resiliencia / Resiliencia cibernética (Cyber resilience): Ability to prepare for, adapt to, withstand, and rapidly recover from disruptions resulting from deliberate attacks, or from accidental or naturally occurring threats or incidents. [2]

Synonym of, or equivalent to, ciberresiliencia.

France

Resilience: In the field of computing, the ability of an information system to withstand a breakdown or cyberattack and return to its initial operating state after the incident. [3]

Resilience : En informatique, capacité d’un système d’information à résister à une panne ou à une cyberattaque et à revenir à son état initial après l’incident. [4]


Indonesia

Cyber resilience: The operation of national critical information infrastructure. [5]

With this approach, this critical information infrastructure must be resistant to threats and remain able to operate to serve the public even in the event of partial damage.

Jordan

Cyber Resilience: The overall ability of systems and organisations to withstand cyber events and, where harm is caused, recover from them. [6]




New Zealand

Cyber Resilience involves detection, protection and recovery from cyber incidents. [7]


North Macedonia

Cyber resilience (Сајбер отпорност): the ability to prepare for, adapt to, withstand and rapidly recover from disruptions resulting from deliberate attacks, accidents, or natural threats or incidents in cyberspace. [8] [9]



Papua New Guinea

Cyber resilience refers to an entity's ability to continuously deliver the intended outcome, despite adverse cyber events. It is the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Cyber resilience focuses on the preventative, detective, and reactive controls in an information technology environment to assess gaps and drive enhancements to the overall security posture of the entity. [10]



Qatar

Cyber resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions resulting from deliberate attacks, accidents, or naturally occurring threats or incidents. [11]

المرونة وهي القدرة على الاستعداد والتكيف مع الظروف المتغيرة والصمود والتعافي بسرعة من الاضطرابات التي تنتج عن الهجمات أو الحوادث المتعمدة أو تلك التي قد تحدث لأسباب طبيعية. [12]


Romania

Rezilienţa infrastructurilor cibernetice: capacitatea componentelor infrastructurilor cibernetice de a rezista unui incident sau atac cibernetic şi de a reveni la starea de normalitate.

Cyber infrastructure resilience: the capacity of infrastructure components to withstand cyber attack or cyber incident and return to normality. [13]


United Kingdom (UK)

Cyber resilience – the overall ability of systems and organisations to withstand cyber events and, where harm is caused, recover from them. [14]


United States

NIST

Information System Resilience: The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. (from: NIST SP 800-53 Rev 4) [15]


Other Definitions

Scotland

Cyber resilience is being able to prepare for, withstand, rapidly recover and learn from deliberate attacks or accidental events in the online world. [16]

To do this, people need to develop the skills, knowledge and understanding of the risk, in whatever setting they find themselves in, and then take the necessary steps to prepare for and respond to such events.

Victoria (Australia)

Cyber resilience means having appropriate internal cyber capability, strong governance and policy, strategic partnering, cyber situational awareness, ongoing cyber risk assessments (including understanding the risks and flow-on impact of a cyber breach), clear communication mechanisms, and a rapid cyber breach response capability. [17]


Cyber resilience is the organisation’s capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace (ISF 2011). [18]


Other International Definitions

Cyber Resilience.org

Cyber resilience refers to the ability to continuously deliver the intended outcome despite adverse cyber events. [19]


World Economic Forum

The ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery. [20]


Academic Definitions

Fredrik Björck et al. have recently published a paper on Cyber Resilience - fundamentals for a definition.

Dictionary

Cyberweerbaarheid (cyber resilience): Resilience: the ability to reduce (relevant) digital risks to an acceptable level by means of a set of measures to prevent cyber incidents and, when cyber incidents have occurred, to detect them, limit damage and make recovery easier. [21]



See also

Notes