A Framework for Assessing Cyber Resilience: A Report for the World Economic Forum
Brianna Keys, Aashish Chhajer, Zilong Liu, and Daniel Horner
Cyber resilience is of growing importance in our hyperconnected world and is no longer a concern for IT departments alone. It is about more than cybersecurity: it incorporates business practices and entails being able to absorb attacks, recover from them, and restore business operations as quickly as possible. At its annual meeting in Davos in 2011, the World Economic Forum (Forum) established a project, Partnering for Cyber Resilience, to promote resilience throughout the global economy. The next phase of this project includes conducting a comparative assessment of resilience across industries and sectors. Our report seeks to set the foundation for that global assessment.
After reviewing frameworks and standards created by public sector organizations and academics, we adapted a comprehensive set of metrics that we believe can effectively measure cyber resilience across industries and sectors. The framework is based on Linkov et al. and supplemented with the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity.