Improving Metrics in Cyber Resiliency
Release Date: 08/30/2017Cyber resiliency is important as it gives us “the ability to prepare and plan for, absorb, recover from, or more successfully adapt to actual or potential adverse effects.” Despite billions of dollars being spent on cybersecurity, information systems data breaches are increasing year after year. To reverse this trend, it is essential to develop metrics and processes to measure (1) threats before they become cyberattacks, (2) recovery of lost functionality after a cyberattack. This paper introduces two essential metrics: Elapsed Time to Identify Failure (ETIF) and Elapsed Time to Identify Threat (ETIT). Measuring them and developing processes to lower the values of ETIF and ETIT would improve the resiliency of an information system.