Used terminology

The term Cyber Resilience is frequently used but lacks a uniform explanation or meaning. Within the framework of this project, the following definition is used:

We define cyber resilience as the alignment of prevention, detection, and response capabilities to manage, mitigate, and recover from cyber attacks. It relates to an enterprise/organization’s capacity to continue its core operations when faced with a cyber attack.

A cyber-resilient enterprise is one that can prevent, detect, and recover from a wide range of serious threats aimed at data, applications, and IT infrastructure.

(Source: Ponemon Institute, “The Third Annual Study on the Cyber Resilient Organization – April/2019”)

Information systems or services of the provider/registrar are actively misused without the knowledge of the provider/registrar in question. This can involve spam being sent, phishing sites with malware-infected websites, etc.

Vulnerabilities in information systems or services that are not (yet) being exploited but could lead to abuse. This can include CMS systems (for example, Joomla or WordPress) that are not up-to-date, web servers using insecure crypto, or DNS servers with poor configurations that could therefore be misused in DDoS attacks, etc.

Various companies and organizations have knowledge of hosts, IP addresses, and URLs that are being abused or are vulnerable to abuse. There are parties that gather this knowledge with the sole purpose of disseminating it. In other cases, the knowledge comes from (scientific) research into an information system, and the researcher allows the knowledge to be disseminated.

We call parties that disseminate this knowledge notifiers. Feeds contain those notifications that are not incidental but are continuously made available by these parties.

Cybersecurity is closely linked to the threats caused by the misuse of existing vulnerabilities in networks/systems. It is important to approach cybersecurity from the perspective of the cyber attack lifecycle by identifying threat sources, threat events, and vulnerabilities.

(Source: NIST Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1 April 25, 2019)

Timely communication and usable information are crucial for addressing vulnerabilities and combating threats. This includes an almost real-time exchange of information security between organizations, information-sharing communities such as Information Sharing and Analysis Centers (ISACs), Information Sharing and Analysis Organizations (ISAOs), industry peers and supply chain partners, and exchanges with security service providers.

(Source: NIST Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1 April 25, 2019)

Cyber resilience and automation go hand in hand. When asked to rate the value of Automation and cyber resilience of their security position on a scale of 1 = low value to 10 = high value, 62 percent rate the value of cyber resilience as very high and an even higher percentage of respondents (76 percent) find automation very valuable.

(Source: Ponemon Institute “The Third Annual Study on the Cyber Resilient Organization”)