重新定义网络复原力:通过风险登记透镜。

Q3 Medicine
Ria Thomas
{"title":"重新定义网络复原力:通过风险登记透镜。","authors":"Ria Thomas","doi":"","DOIUrl":null,"url":null,"abstract":"<p><p>Resilience is deeper than maintaining a company's operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most - if not all - of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership's ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.</p>","PeriodicalId":39080,"journal":{"name":"Journal of business continuity & emergency planning","volume":"18 1","pages":"75-83"},"PeriodicalIF":0.0000,"publicationDate":"2024-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Redefining cyber resilience : Through the risk register lens.\",\"authors\":\"Ria Thomas\",\"doi\":\"\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p><p>Resilience is deeper than maintaining a company's operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most - if not all - of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership's ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.</p>\",\"PeriodicalId\":39080,\"journal\":{\"name\":\"Journal of business continuity & emergency planning\",\"volume\":\"18 1\",\"pages\":\"75-83\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of business continuity & emergency planning\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Medicine\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of business continuity & emergency planning","FirstCategoryId":"1085","ListUrlMain":"","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Medicine","Score":null,"Total":0}
引用次数: 0

摘要

复原力不仅仅是在面临重大干扰时维持公司的运营和服务。它是企业在面对重大威胁时的承受能力、转向能力和继续发展的能力。要实现复原力,企业必须对特定威胁如何放大其风险登记册中确定的风险,以及整个企业需要采取哪些措施来应对这些风险的放大有一个综合的、端到端的了解。与其他类型的危机相比,网络危机往往具有更广泛的影响和复杂性,例如:不明确的时间表、缺乏公众共鸣、不可预测的人类威胁行为者,以及需要参与的更广泛的内部和外部利益相关者,因此,本文详细阐述了对整体方法的需求对于网络危机尤为重要。与其他危机不同,网络危机有可能放大风险登记册上的大部分风险(如果不是全部的话)。因此,网络复原力要求确保主要利益相关者,无论是股东、客户、监管机构、业务伙伴、员工等,都坚定地相信公司及其领导层有能力应对日益复杂的网络风险相关问题,以及如何在整个企业范围内解决这些问题,而不是纯粹从技术或运营复原力的角度来看待这些问题。要实现网络复原力,企业必须制定和实施各种计划,将技术措施和更广泛的业务措施结合起来,以限制影响,在网络危机中展现领导力,并加深信任,而不管潜在影响的严重程度如何。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Redefining cyber resilience : Through the risk register lens.

Resilience is deeper than maintaining a company's operations and services in the face of significant disruptions. It is the ability of a business to withstand, pivot and continue to grow in the face of a significant threat. To achieve resilience, companies must have an integrated, end-to-end understanding of how a specific threat magnifies the risks identified on their risk register, and what measures are needed across the enterprise to address the amplification of those risks. This paper details how the need for a holistic approach is especially important for cyber crises, compared with other types of crises, because they tend to have more broad-ranging impacts and complexities, such as: unclear timelines, lack of public empathy, unpredictable human threat actor(s), as well as a broader set of internal and external stakeholders that need to be engaged. Unlike other crises, cyber crises have the potential to magnify most - if not all - of the risks on the risk register. As such, cyber resilience requires ensuring that key stakeholders, whether shareholders, customers, regulators, business partners, employees, etc, stay resolute in their faith in a company and its leadership's ability to navigate the increasingly complex issues related to cyber risks and how these issues are addressed enterprise-wide, not purely seen through the lens of technical or operational resilience. To achieve cyber resilience, organisations must develop and implement programmes that integrate both the technical and the broader business measures needed to limit fallout, demonstrate leadership through cyber crises, and deepen trust regardless of the potential severity of the impact.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
1.30
自引率
0.00%
发文量
34
期刊介绍: Journal of Business Continuity & Emergency Planning is the leading professional journal publishing peer-reviewed articles and case studies written by and for business continuity and emergency managers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信