Resilience in today’s cyber-ecology
In a broader sense, resilience is one of the essential elements that determine the health of a system. In other words, a resilient system can cope with unexpected stresses. Some experts also count resilience among the integral components of a system’s integrity (Institution of Engineering and Technology, 2003). From this perspective, a parallel might be drawn between cyber ecology’s resilience and the ability of a human organism to recover from an illness. Therefore, in terms of cyber ecology, resilience might be interpreted as the capacity of a network to recover from different attacks. The shorter the system’s recovery period, the stronger its resilience. However, it would be wrong to claim that resilience is equivalent to recovery. The latter is rather one of the components of resilience; the other two essential elements are the ability to resist and the ability to react.
Hence, resilience plays an important role in assuring security – the increased frequency of downtime incidents signifies reduced resilience and critical security risks.
Ideas about the convergence of systems and world-views affecting thinking about resilience
While trying to understand the meaning of resilience in the framework of cyber-ecology, it is critical to take into account the fact that it is a multi-faceted discipline that comprises the elements of biology, computer science, ecology, etc. (Achieving resilience in the cyber ecosystem, 2014).
Therefore, it is logical to assume that resilience is common not only to computer networks but to other systems as well. Thus, it can be applied to people and their capacity to react to stressors and recover from physical and mental injuries. It can also be relevant to ecological systems within which each living organism possesses the ability to recover from both natural factors and the damage that humans do. Generally speaking, the level of resilience in a system determines the potential duration of its existence. Whereas reduced resilience in computer networks is crucial for information security, the incapacity to resist external stressors results in the death of an organism. From this standpoint, computer networks have much more in common with living systems than it might seem at first sight.
Information security and its broader socio-technical perspectives in the real world
Risk management is one of the most complicated and ambiguous problems in terms of information security. On the face of it, it is evident that extended systems comprising a large scope of participants are expected to show poorer resilience than compact systems. This phenomenon might be explained by the fact that the speed of reaction, the power of resistance and the duration of recovery are likely to vary in different elements.
Therefore, whereas each element might have strong resilience, the general resilience of the system can still be weak due to the discrepancies in the key variables mentioned above. Moreover, Fitzgerald (2011) points out that one of the most important guarantees of safety assurance is a consistent risk assessment, or the so-called “security risk analysis” (p. 123). The essential part of this analysis is the evaluation of the resilience of every element. Thus, the more dependencies the system possesses, the more difficult it is to carry out an accurate assessment of the general resilience level. From this perspective, the risk of failures in big systems is higher than in compact networks.
On the other hand, small systems with few dependencies do not necessarily show high resilience. Whereas in big systems there is a possibility of one element compensating for the weakness of another, this chance is significantly lower for compact systems where the number of elements is very limited. Hence, for instance, a large group of managers is likely to cope with an unexpected challenge as long as every member contributes to the common resistance. Nevertheless, if this group consists of only two or three managers, their success in coping with the challenge will depend more on their inner qualities, as they do not have the advantage of joint efforts.
I assume that certain criticism expressed towards young specialists is quite a common cause. This attitude is, to a certain extent, justified because new employees might have consistent theoretical knowledge though they might fail to understand the ways it might be put into practice. Therefore, instead of trying to persuade the boss that I am right, I would try to come up with a specific proposal associated with the implementation of the new security approaches.
For example, I would suggest using a multiple risk communicator (MRC) for carrying out an efficient risk analysis and identifying the key flaws in the security system. I would substantiate my plan by referring to the relevant experience of Japanese companies that turned out to be highly successful (Hsu & Marinucci, 2012).
INFOSEC as a critical mission
I would try to persuade my boss that INFOSEC should be treated as a final target rather than as a means to an end because a company is unable to show sustainable performance without assuring consistent security. I would try to make the boss understand that investors are equally interested in information protection so that problems with funding are not likely to arise.
Achieving resilience in the cyber ecosystem. (2014). Web.
Fitzgerald, T. (2011). Information Security Governance Simplified: From the Boardroom to the Keyboard. Boca Raton, Florida: CRC Press. Web.
Hsu, D.F., & Marinucci, D. (2012). Advances in Cyber Security: Technology, Operations, and Experiences. New York, New York: Fordham University Press. Web.
Institution of Engineering and Technology. (2003). Information Assurance Cyber Ecology. Web.