What is the difference between cyber resilience and business continuity?

Question

What is the difference between cyber resilience and business continuity?

Hi infosec professionals,

We all know how security terms can be confusing and there are permanent discussions between professionals about simple ones.

How would you describe the difference between cyber resilience and business continuity?

How do you achieve each of them?

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

4
583

6 Answers

Answered Aug 10, 2022

Search for a product comparison in Backup and Recovery Software

Buyer's Guide

Azure Backup

May 2023

Free Report: Azure Backup Reviews and More

Learn what your peers think about Azure Backup. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.

DOWNLOAD NOW

706,775 professionals have used our research since 2012.

Related Questions

Avigayil Henderson

Content Development Manager at PeerSpot

Apr 3, 2023

How can I test our disaster recovery plan to work on minimizing downtime?

Hello community, Please let us know your thoughts in the comments below. Thank you.

See 2 answers

Muhammad Ibtehaj

Enterprise Solutions Architect at Relacom

Mar 5, 2023

Testing your disaster recovery plan is crucial to ensure that your organization is prepared to minimize downtime in the event of a disaster. Here are some steps you can take to test your disaster recovery plan: Define Test Scenarios: Define test scenarios that simulate real-world disaster scenarios. These scenarios should be designed to test specific aspects of your disaster recovery plan, such as data recovery, network failover, and application availability. Involve All Relevant Parties: Involve all relevant parties in the testing process, including IT staff, business unit leaders, and third-party vendors. This will help to ensure that everyone is on the same page and understands their role in the event of a disaster. Document Test Results: Document the results of each test scenario, including any issues or areas for improvement. This will help you to refine your disaster recovery plan and ensure that it's as effective as possible. Test Regularly: Test your disaster recovery plan on a regular basis, such as quarterly or bi-annually. This will help to ensure that your plan remains up-to-date and effective in the face of evolving threats and technologies. Automate Where Possible: Automate as much of the testing process as possible, such as data replication, failover, and recovery. This will help to minimize the risk of human error and improve the overall efficiency of your disaster recovery plan. By following these steps, you can test your disaster recovery plan to work on minimizing downtime and ensure that your organization is prepared to quickly recover from a disaster.

Read full answer

reviewer2104281

IT Manager Infrastructure&DBA at SplashBI On-Demand Reporting and BI

Apr 3, 2023

Testing your disaster recovery plan is an essential step to ensure that it will work effectively in minimizing downtime. There are several ways to test your disaster recovery plan, and the following are some suggestions to consider: Tabletop Exercises: Tabletop exercises are simulations that test the effectiveness of your disaster recovery plan. They involve gathering key stakeholders together to walk through various scenarios and discuss how they would respond. This exercise can help identify any gaps or weaknesses in your plan, and can help refine your processes. Partial Failover Tests: Partial failover tests involve testing a subset of your IT systems to see if they can failover to your disaster recovery site. This test helps identify any issues with your failover processes and can help refine your failover procedures. Full Failover Tests: Full failover tests involve testing all of your IT systems to see if they can failover to your disaster recovery site. This test is more comprehensive than the partial failover test and can help identify any issues with your entire IT infrastructure. Unannounced Tests: Unannounced tests involve testing your disaster recovery plan without informing your IT team in advance. This test can help identify how quickly your team can respond to a disaster recovery situation and can help refine your communication processes. Production Failover Tests: Production failover tests involve testing your disaster recovery plan during a planned outage of your production environment. This test can help identify any issues with your failover processes and can help refine your procedures. It is important to note that testing your disaster recovery plan should be done on a regular basis to ensure that it remains effective and relevant. It is also important to document and analyze the results of your tests to identify areas for improvement and to update your plan accordingly.

Read full answer

Avigayil Henderson

Content Development Manager at PeerSpot

Mar 17, 2023

How can we easily recover from a ransomware attack?

Hello community, Please share with the community what your thoughts are based on your personal experience. Thank you.

See 1 answer

TL

Tim Lenz

SQL Database Administrator at Aurora Mental Health Center

Mar 17, 2023

The key to recovery from a Ransomware attack is the boy scout motto "Be Prepared". In our case, not only did we have backups at the DR site but both the Production site and DR site each had a NAS on a different subnet with different Admin passwords that had backup copies, so 4 total backups. We also were using iSCSI connections to our SAN which the ransomware was not able to cross when they polluted the connection file. This was an unexpected bonus. We were basically back up and running in 4 hours after wiping and restoring files. Lessons learned were to separate as much as possible so if one part of the domain/forest gets corrupted it cannot travel to the other areas. We now use Veeam for Hyper-V windows VMs and Zerto for VMware VMs, another separation of business functions with different admin passwords. Nothing is foolproof but by making it as difficult as possible then makes more time to catch and stop the attack sooner.

Read full answer

Related Articles

Ariel Lindenfeld

Director of Community at PeerSpot

Aug 21, 2022

PeerSpot User's Choice Award 2022

We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

Aug 2, 2022

Community Spotlight #19

Dear professionals, Welcome back to PeerSpot's Community Spotlight! Below you can find the latest hot topics posted by your fellow PeerSpot Community members. Read articles, answer questions, and contribute to discussions that are relevant to you and your expertise. Or ask your peers for insight on topics that interest you! Trending Here are some topics that your peers are discussi...

See 1 comment

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

Aug 2, 2022

@Chris Childerhose, @PraveenKambhampati, @Deena Nouril, @Shibu Babuchandran and @reviewer1925439, Thank you for contributing your articles and sharing your professional knowledge with 618K PeerSpot community members around the globe as well as with a much bigger readers audience!

Read full comment

Chris Childerhose

Lead Infrastructure Architect at ThinkON

Jul 27, 2022

Choosing a Backup Solution Platform

Every Virtualization and System Administrator deals with having the ability to recover servers, files, etc. and having a Backup Solution to help with recovery will ease the burden. But how do you know which one is right for you? How would you go about choosing the right solution that will help you in your daily tasks? Software Criteria When choosing a backup solution there are many things t...

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

Jul 18, 2022

Community Spotlight #18

Dear PeerSpot community members, Welcome to the latest PeerSpot Community Spotlight, where we sum up the most relevant recent postings by your peers in the community. Check out the latest questions, articles and professional discussions contributed by PeerSpot community members! Trending Here are some topics that your peers are discussing at the moment: What is your recomme...

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

Jun 20, 2022

Community Spotlight #16

Hi PeerSpot community members, This is a fresh-from-the-oven Community Spotlight for you. Here, we've summarized and selected the latest posts (professional questions, articles and discussions) by PeerSpot community members. Check them out! Also, please share with us your feedback and suggestions by commenting below! Trending See what is trending at the moment and chime in to discuss! ...

Moderator

Chris Childerhose

Lead Infrastructure Architect at ThinkON

Real User

ExpertTop 5

Related Categories

Backup and Recovery Software

Disaster Recovery as a Service

Disaster Recovery (DR) Software

Security Incident Response

VladanKojanic · Answer 1 · 2021-11-09T10:09:23Z

It's simple: cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. And it is certainly the role of the security team.

While business continuity is something that is a part of the backup procedure or DR site that in any case (and not just from a cyber attack) ensures that the business continues to operate.

John-Haines · Answer 2 · 2022-08-10T02:29:58Z

Given todays landscape, I think cyber resilience in infrastructure (defined as the ability to protect and recover from a cyber attack - i.e. Air Gapped Backups, immutable backups or snapshots, etc) should be considered a necessary component of Business Continuity (defined as the ability to continue running, or quickly recover, from an outage-causing disaster). BC is different from DR, in that DR implies a "recovery" activity, while BC implies the ability to continue operating through the outage.

While they may be separate today for political reasons, they should not be.

reviewer1934637 · Answer 3 · 2022-08-09T17:38:20Z

In real world terms, Cyber Resilience would include security software (anti-virus and anti-malware), local machine and network policies to enforce hard passwords that are changed periodically, delegated folder access permissions, and physical access security protocols.
Business Continuity is a plan to keep a business from failing in the event of catastrophe. This should include redundant and remote co-located servers, off site data backups, system images, and provisions to operate from a different facility.

Jairo Willian Pereira · Answer 4 · 2021-11-24T13:37:48Z

Both have the same purpose but not the same scope.

Ensuring CR does not guarantee BCP but guaranteeing BCP (properly following all plans and sub-plans as required by ISO22301 standard) guarantees CR.

People often confuse DR (Disaster Recovery) with BCP but DR is just a small fragment of the entire BCP (again, see scope and purpose at ISO22301 and complementary 223xx norms).

AlanFink · Answer 5 · 2021-11-09T11:27:27Z

Generic terms are always open to interpretation. My belief is that Cyber (crime) Resilience means there is a clear strategy, toolset and management process in place to ensure businesses are protected from malicious attacks whereas Business Continuity is a much broader term like having the secondary infrastructure in place to continue operating normally in the event of any kind of Business Interruption like natural disasters, power outages, software failure, malicious or accidental damage to data, etc and to be able to recover from it very quickly and with minimal cost.

A step up from Disaster Recovery.

Evgeny Belenky · Answer 6 · 2021-11-08T08:08:16Z

Hi @Enayat Galsulkar, @Daniel Aramayo and
@Darshil Sanghvi,

Can you please chime in here and share your knowledge with other peers?