CyberResilience / CyberResilienceFAQs

Frequently Asked Questions about Cyber Resilience
MIT License

FAQ cyber security / cyber resilience #4

Open sparrell opened 2 years ago

sparrell commented 2 years ago

Niles proposed:

Cybersecurity is a set of policies, processes, procedures and controls that include the use of people, physical infrastructure, hardware and software to protect information exposed to the internet from cyber threats, whereas cyber resilience is meant to ensure continuity of business operations in the event that cybersecurity measures fail.

sparrell commented 2 years ago

I think we need to decide if cybersecurity is a subset of cyber resilience or orthogonal to cyber resilience. Personally I think cyber resilience is larger than cybersecurity but that cybersecurity plays a role in cyber resilience (e.g., better cybersecurity leads to higher cyber resilience and poor cybersecurity leads to low cyber resilience). The definition above implies orthogonal.

I also think there is a time element that somehow must be accounted for. E.g., policies/procedures/automated-response that adapt cybersecurity to changing conditions are more resilient.