33 research outputs found

    Cyber Resilience Evaluation Using Cyber Resilience Review Framework at University XYZ

    Cyber resilience is about protecting data and information owned by University XYZ and adapting business processes at University XYZ to ensure service continuity when cyber threats occur. However, University XYZ never evaluates its practices to implement security and data management. University XYZ needs to know its maturity level based on cyber resilience evaluation to improve its cyber resilience. Therefore, this research was carried out to evaluate cyber resilience at University XYZ using the Cyber Resilience Review (CRR) assessment by evaluating ten cyber resilience domains. The evaluation covers academic services that use the University XYZ academic information system. The evaluation process will be held through an interview with the process owner. The interview questions are based on CRR assessment. After the evaluation, we found that none of the domains in University XYZ had yet reached Maturity Indicator Level (MIL)-1. In addition, the overall performance percentage for each CRR domain had not yet reached 100%. An improvement recommendation for each domain has also been made, containing guidance for implementing incomplete and noncommitted practices. University XYZ can implement cyber resilience practices according to recommendations so that the implementation process can run optimally, even though cyber threats occur from time to time

    Organisational Cyber Resilience: research opportunities

    Online reviews have become ubiquitous in modern day business environment. They shape consumer perception regarding a product or service, and thereby affect sales and profits of a business. Extant work on online review influence has investigated mechanisms by which a review may affect consumers’ decisions. The studies, however, have ignored the possibility of a change in the impact of drivers of influence over time, as more reviews are posted. This study attempts to bridge the gap. Drawing from elaboration likelihood model (ELM) and Simon’s theory of bounded rationality, hypotheses regarding temporal changes in the impact of drivers of influence have been proposed. The hypotheses have been tested based on online review data from Yelp.com. Additionally, in this study, it has been recognized that the gap or difference between review content being created and that needed by consumers to support decisions is more important than an understanding of the latter alone. Therefore, a set of hypotheses have been proposed regarding changes in review content characteristics over time, tested over the same dataset, and compared with the findings on temporal changes in the impact of drivers of review influence. The insights from this study have important implications for both theory and practice and have been discussed

    Towards an Organizationally-Relevant Quantification of Cyber Resilience

    Given the difficulty of fully securing complex cyber systems, there is growing interest in making cyber systems resilient to the cyber threat. However, quantifying the resilience of a system in an organizationally-relevant manner remains a challenge. This paper describes initial research into a novel metric for quantifying the resilience of a system to cyber threats called the Resilience Index (RI). We calculate the RI via an effects-based discrete event stochastic simulation that runs a large number of trials over a designated mission timeline. During the trials, adverse cyber events (ACEs) occur against cyber assets in a target system. We consider a trial a failure if an ACE causes the performance of any of the target system’s mission essential functions (MEFs) to fall below its assigned threshold level. Once all trials have completed, the simulator computes the ratio of successful trials to the total number of trials, yielding RI. The linkage of ACEs to MEFs provides the organizational tie

    Full Paper: Digital Resilience in Critical Infrastructures: A Systematic Literature Review

    In times of disruptive events, effective response by organizations, critical systems, and society is paramount. The response process involves pre-event preparation, impact absorption, and system restoration, which together represent the concept of resilience. Critical infrastructures (CI) are essential to the functioning of society and require a high level of resilience to ensure that they can withstand and quickly recover from disruptive events. With the incorporation of Information Systems (IS) into CI, there is a need to study Digital Resilience to identify potential risks and develop strategies to mitigate them effectively. In this research, we conducted a Systematic Literature Review on Digital Resilience to understand its scope, and classified articles based on their scope, resilience dimensions, and phases they address, as well as interdependence between systems. We aim to contribute to the scientific understanding of Digital Resilience by analyzing existing gaps and proposing possible future research directions. This study provides an overview of the current state-of-the-art, the types of research conducted, and the resulting artifacts. Additionally, it introduces a new area of focus within the field of resilience: Digital Resilience

    A Conceptual Model of the Viability of Critical Infrastructures in the Context of the Modern Theory of Security of Complex Systems

    The paper proposes a development of the modern theory of security of complex systems and an extension of its scope to the class of critical infrastructures, in order to study the systemic relationships and regularities that determine the viability of critical infrastructures under conditions of uncertainty and risk

    A Compositional Approach to Safety-Critical Resilient Control for Systems with Coupled Dynamics

    Complex, interconnected Cyber-physical Systems (CPS) are increasingly common in applications including smart grids and transportation. Ensuring safety of interconnected systems whose dynamics are coupled is challenging because the effects of faults and attacks in one sub-system can propagate to other sub-systems and lead to safety violations. In this paper, we study the problem of safety-critical control for CPS with coupled dynamics when some sub-systems are subject to failure or attack. We first propose resilient-safety indices (RSIs) for the faulty or compromised sub-systems that bound the worst-case impacts of faulty or compromised sub-systems on a set of specified safety constraints. By incorporating the RSIs, we provide a sufficient condition for the synthesis of control policies in each failure- and attack-free sub-system. The synthesized control policies compensate for the impacts of the faulty or compromised sub-systems to guarantee safety. We formulate sum-of-square optimization programs to compute the RSIs and the safety-ensuring control policies. We present a case study that applies our proposed approach on the temperature regulation of three coupled rooms. The case study demonstrates that control policies obtained using our algorithm guarantee system's safety constraints

    Digital Organizational Resilience: A History of Denmark as a Most Digitalized Country

    The purpose of this paper is to demonstrate how digital organizational resilience was a key to digital transformation success in the public sector of Denmark. Using a historical research method, we analyze the IS history from 1998-2019 at all three levels of the public sector in Denmark. This study finds historical events about barriers and hindrances and shows how resilience enabled continuity in the transformation. We find a pattern of three elements in the history of what constitutes digital organizational resilience in e-government: digitalization strategy, collaboration across the public sector, and the ability to learn from overcoming barriers and hindrances. Digital resilience has previously been studied in the context of individual learning and cyber security. This pattern is a promising basis for understanding and achieving resilience in a transformative digitalization strategy in the public sector

    Conceptualizing Digital Resilience: An Intellectual Capital Perspective

    In the current era of digital transformations, numerous organizations integrate information and communication technologies (ICTs) into their core operations. However, such transformations can lead to novel risks that have to be governed in the face of disruptions. The emergence of a new risk landscape has given rise to new concepts aimed at safeguarding ICT-based operations. One of these is digital resilience (DR), a complex concept that has recently received attention from academia and regulatory bodies. However, prior work has often studied it inconsistently and offered different suggestions on how to build DR. To foster a comprehensive understanding of DR within information systems (IS), we have conducted a systematic literature review and conceptualized the problem by drawing on intellectual capital (IC) theory. We contribute to research and organizational practice by offering a novel framework with three main sub-capabilities and a comprehensive range of supporting micro-foundation, which unveils areas for future research

    Becoming a Most Digitalized Country: A History of Digital Organizational Resilience in Denmark

    The purpose of this paper is to demonstrate how digital organizational resilience was a key to digital transformation success in the public sector of Denmark. Using a historical research method, we analyze the information systems (IS) history from 1998 to 2019 at all three levels of the public sector in Denmark. This study discovers the historical events regarding the barriers and hindrances to digital transformation in Denmark and shows how resilience enabled continuity in the transformation. Using significant events in the history of Denmark becoming a digitalized nation, we find a pattern of what constitutes digital organizational resilience in e-government: first, there are new ways to strategize digitalization, second, there is a collaborative strategy in execution across the public sector that envelopes the ability to learn from overcoming barriers and hindrances, and third, there is an organizational resilience path that iterates action, collaboration, and learning. Digital resilience has previously been studied in the context of individual learning and cyber security. The pattern found in the historical account is a promising basis for understanding and achieving resilience in a transformative digitalization strategy in the public sector