Hi infosec professionals,
We all know how security terms can be confusing and there are permanent discussions between professionals about simple ones.
How would you describe the difference between cyber resilience and business continuity?
How do you achieve each of them?
Given todays landscape, I think cyber resilience in infrastructure (defined as the ability to protect and recover from a cyber attack - i.e. Air Gapped Backups, immutable backups or snapshots, etc) should be considered a necessary component of Business Continuity (defined as the ability to continue running, or quickly recover, from an outage-causing disaster). BC is different from DR, in that DR implies a "recovery" activity, while BC implies the ability to continue operating through the outage.
While they may be separate today for political reasons, they should not be.
In real world terms, Cyber Resilience would include security software (anti-virus and anti-malware), local machine and network policies to enforce hard passwords that are changed periodically, delegated folder access permissions, and physical access security protocols.
Business Continuity is a plan to keep a business from failing in the event of catastrophe. This should include redundant and remote co-located servers, off site data backups, system images, and provisions to operate from a different facility.
It's simple: cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. And it is certainly the role of the security team.
While business continuity is something that is a part of the backup procedure or DR site that in any case (and not just from a cyber attack) ensures that the business continues to operate.
Both have the same purpose but not the same scope.
Ensuring CR does not guarantee BCP but guaranteeing BCP (properly following all plans and sub-plans as required by ISO22301 standard) guarantees CR.
People often confuse DR (Disaster Recovery) with BCP but DR is just a small fragment of the entire BCP (again, see scope and purpose at ISO22301 and complementary 223xx norms).
Generic terms are always open to interpretation. My belief is that Cyber (crime) Resilience means there is a clear strategy, toolset and management process in place to ensure businesses are protected from malicious attacks whereas Business Continuity is a much broader term like having the secondary infrastructure in place to continue operating normally in the event of any kind of Business Interruption like natural disasters, power outages, software failure, malicious or accidental damage to data, etc and to be able to recover from it very quickly and with minimal cost.
A step up from Disaster Recovery.
Hi @Enayat Galsulkar, @Daniel Aramayo and
@Darshil Sanghvi,
Can you please chime in here and share your knowledge with other peers?