Whats up with Cyber Resilience?

I'm puzzled by all the activity around Cyber Resilience.

I was late to the party with DevOps (If Feb 2013 is late). I don't want to make the same mistake again. But "Cyber resilience"? This seems like an odd niche to be getting so much attention.

What does "Cyber resilience" even mean?
According to AXELOS:

help commercial organizations and governments around the world prevent, detect and correct any impact that cyber attacks their ability to do business

According to Pink Elephant:

best practices to eliminate, or reduce, the likelihood of cyber-attacks, or to minimize the negative impact

ISACA haven't picked up on the term, they're sticking to "cyber security" and "cyberthreat".

So there is consistency there and I didn't have the wrong impression. It is one aspect of one area of IT operations. This seems a niche interest to me. Why is so much attention given to it?

There is indeed a wave of "cyber-fuss" in the USA right now. Americans love a good security threat: it rallies a vast and disparate nation around the flag. And hackers are certainly active, at the national, commercial and spotty-faced-amateur levels. But really? The cynic in me presumes there is a shed-load of government money being thrown at this right now.

Security - even in the broader "CIA" (Confidentiality, Integrity and Availability of information) meaning of security - is like sanitation. It's essential to have it. its essential to get it right. But it's not the be-all and end-all. It's just one thing. Along with roads. Schools. Water. Defence.

In the same way I understand the importance of Cyber Resilience, but not the fuss.

ISACA have announced "Cyber Security Nexus", whatever that is, a dedicated cyber security conference, and a set of CSX certifications. That fits with ISACA's fixation on security and their inability to transform themselves into a more general IT governance body.

At Axelos, RESILIA™ is the number three product on the website after ITIL™ and PRINCE2™.
Coming in 2015. Presumably it will offer certifications in direct competition to ISACA's: "There will be entry-level certification levels for non-specialist staff as well as higher certification levels for IT practitioners."

Pink Elephant are running a whole conference on Cyber Risk and Resilence in June. I work with Pink but I haven't sought insight into why this area warrants a conference. I'm sure it will be a good one - they do great conferences - and it includes the general area of risk, which really is important. But still I'm puzzled. [Update: so I asked .]

There are more important (or at least as important) topics:

So what's the forecast for Cyber Resilience? A fad that will blow over, a niche interest getting transitory attention because of elevated risk, or a domain of IT as important as ITSM?

Syndicate content