Resilience Flashcards
What is software resilience?
the ability to bounce back or recover from an attack, security event, or reliability failure
Why don’t all services within a system need equal levels of resilience?
because not all services in the system are critical (we can afford to have them fail and be reinstated eventually)
2 important activities that a resilient system does
- immediate recovery from failure to maintain critical services
- longer term reinstatement of non-critical services
4 sources of cybersecurity failures
1) organizational ignorance of problem seriousness
2) poor or lax application design of security procedures
3) human operator carelessness
4) poor trade-off between usability and security (i.e. the security procedures are annoying or hard to follow)
3 protection types against threats
authorization
encryption
firewalls
What is over-provisioning?
providing resources far beyond peak load to account for bad things that may happen
6 steps to avoid cybersecurity failures
1) classify assets
2) ID threats
3) ID threat recognition signs
4) threat resistance
5) asset recovery
6) asset reinstatement