
2024 | Book

Cyber Resilience Fundamentals


About this book

This book provides readers with the necessary capabilities to meet the challenge of building and testing resilient IT services. Upon introducing the fundamentals of cyber resilience with important international standards and best practices, and the risk management process, the book covers in detail the cyber resilience management process. Here, it gives insights into the principles and design criteria to build cyber resilience in organizations, and to integrate it into operations to contribute to incident preparedness. Further, it describes measures for incident handling, including detection, containment, and post-incident handling, and analyses the most critical aspects of cyber resilience testing, such as auditing, exercising, and testing. Written for advanced undergraduate students attending information security and business continuity management courses, this book also addresses researchers and professionals in the broad field of IT Security and cyber resilience.

Table of Contents

Frontmatter
Chapter 1. Introduction
Abstract
The benefits of the digital transformation of organizations, emerging technologies (e.g., artificial intelligence), and modern information and communication technologies are undeniable. Therefore, regardless of industry, all organizations depend heavily on digital products and services, making them more vulnerable to cyber attacks than ever before. Past incidents have demonstrated the far-reaching consequences (e.g., power outages, disruption of medical care) that can occur when a disruptive attack compromises the systems of critical infrastructure providers. Cyber attacks are not limited to large organizations but often affect small and medium enterprises (e.g., ransomware attacks). In order to increase trust in information systems and cyber infrastructures, countries worldwide have adopted new laws and regulations. All these circumstances led to the need for a new discipline: “cyber resilience”. Cyber resilience promotes a change in thinking and no longer assumes that information systems can be fully protected from cyber attacks. Therefore, new design principles and techniques must be applied to ensure the resilience of critical functions even if parts of the systems are compromised. This book provides a basic understanding of this new discipline by introducing the foundations of cyber resilience.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 2. Cyber Resilience Fundamentals
Abstract
Cyber resilience is a new and emerging discipline that has gained a lot of attention in the recent past. As cyber resilience has many interfaces and relationships with other disciplines, such as information or cyber security, this chapter highlights the differences between these disciplines and how they complement each other. As a good understanding of the different cyber adversaries, their motivations, and capabilities is essential for planning appropriate cyber resilience measures, this chapter provides further information on cyber adversaries and cyber threats. It then presents high-level tactics for defenders to identify and select countermeasures and improve cyber resilience.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 3. Standards and Best Practices
Abstract
Cyber resilience is an emerging and highly dynamic discipline that poses major challenges for many organizations. For effective design, implementation, and maintenance, it is necessary to use existing expert knowledge, which is often represented in relevant standards and best practices. Organizations in all sectors, including operators of critical infrastructures, are recommended to implement the standards and specifications to ensure high cyber resilience. The applied norms and standards represent the national and international state of the art and reflect current best practices worldwide. This chapter outlines the benefits that arise from the usage of standards and presents commonly used standards and best practices that guide the enhancement of cyber resilience.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 4. Managing the Cyber Resilience Process
Abstract
Building an organization’s cyber resilience is a challenging and complex task that requires appropriate management in order to achieve the goals set. To tackle this challenge and to ensure effective and efficient implementation of cyber resilience, it is necessary to establish a structured and systematic approach. This chapter supports this endeavor and provides an overview of how the alignment of cyber resilience with the requirements of critical internal and external stakeholders can be achieved. It also explains the structure of modern management systems that enable continual process improvement. Furthermore, it introduces vital management tasks that can be used to plan, implement, execute, and improve cyber resilience activities.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 5. Analyzing the Organization
Abstract
Protecting an organization before, during, and after an attack requires solid knowledge of the organization’s most important assets. It is also essential to have a clear understanding of how disruption, modification, and disclosure of information and information systems could affect the ability of the organization to perform its vital business processes and activities. In addition, it is essential to know which information is particularly important for the organization and what risks information assets are exposed to. Therefore, asset management and risk assessment are central to evaluating the current risk situation and prioritizing the implementation of resilience measures. Thus, this chapter outlines essential risk management concepts, highlights the critical risk management tasks, and provides an introduction to business impact analysis.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 6. Building Cyber Resilience
Abstract
Implementing cyber resilience in a system or company requires strategic decisions culminating in a resilience strategy. This strategy sets the direction and ensures that resilience activities are aligned with changes in technology, the business environment, the threat landscape, and the legal environment. It has a significant impact on system engineering, which is the starting topic of this chapter. Furthermore, essential principles for the trustworthy, secure design of systems based on NIST SP800-160 are discussed in the context of applicability and pitfalls. The chapter also provides an overview of resilience design and internal control systems. Finally, the chapter deals with how to establish a company culture that includes cyber resilience awareness.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 7. Resilient Operations
Abstract
IT operations encompass all activities ensuring that digital services are available and function as intended. Therefore, operations are a critical part of ensuring cyber resilience. This chapter begins with a brief introduction to cyber hygiene, the foundation for cyber resilience. It further explains how resilience can be integrated into operations over time and contribute to incident preparedness. The chapter also provides a brief overview of activities to reduce the attack surface and highlights the importance of collaboration to improve cyber resilience. As IT operations is a vast area, it is not possible to provide an exhaustive list of measures but rather to focus on specific examples.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 8. Reacting to Cyber Incidents
Abstract
While the design process of a system is fundamental to facilitating cyber resilience, incident handling is vital in order to be able to adapt the system to counter successful or promising attacks. Thus, in this chapter, we provide an overview of gathering threat information. The main focus of this chapter lies in incident handling, covering the process starting with the required preparation steps, as well as detection, containment, and post-incident handling. Furthermore, we discuss the important topic of threat hunting with an overview of prominent approaches, together with a discussion of data sources. Since many complex systems, e.g., in the supply chain area, span multiple organizations and will be relevant for NIS2, supply chain security and NIS2 are also discussed. The chapter finishes with a short introduction to disaster recovery as the final step in the incident-handling process.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Chapter 9. Testing and Improving Cyber Resilience
Abstract
It is necessary to check controls and rehearse response procedures to ensure that system designs and controls for resilience work as intended and are effective. Thus, in this chapter, we discuss the most critical aspects of cyber resilience testing, such as (i) auditing, where particular focus is put on audit plans, (ii) exercising, with a special focus on how to conduct cyber tabletop exercises, (iii) testing, focusing on the different forms of test and their differences, and (iv) training. Furthermore, the chapter deals with the involvement of cyber-physical systems in resilience planning and countermeasure application, as the special requirements of these systems make them deviate significantly from standard practices.
Simon Tjoa, Melisa Gafić, Peter Kieseberg
Backmatter
Metadata
Title
Cyber Resilience Fundamentals
Authors
Simon Tjoa
Melisa Gafić
Peter Kieseberg
Copyright Year
2024
Electronic ISBN
978-3-031-52064-8
Print ISBN
978-3-031-52063-1
DOI
https://doi.org/10.1007/978-3-031-52064-8