Resilience Engineering Flashcards

(11 cards)

1
Q

What are the reasons that cybersecurity fails?

A
  1. Organisational ignorance of the seriousness of the problem,
  2. Poor design and lax application of security procedures,
  3. Human carelessness, and
  4. Inappropriate trade-offs between usability and security.
2
Q

What are the fundamental concepts of resilience planning?

A
  1. Assets, which are systems and data that have to be protected. Some assets are more valuable than others and so require a higher level of protection.
  2. Threats, which are circumstances that can cause harm by damaging or stealing organisational IT infrastructure or system assets.
  3. Attacks, which are manifestations of a threat where an attacker aims to damage or steal IT assets, such as websites or personal data.
3
Q

What are the types of threats to be considered in resilience planning?

A
  1. Threats to the confidentiality of assets: In this case, data is not damaged, but it is made available to people who should not have access to it. An example of a threat to confidentiality is when a credit card database held by a company is stolen, with the potential for illegal use of card information.
  2. Threats to the integrity of assets: These are threats where systems or data are damaged in some way by a cyberattack. This may involve introducing a virus or a worm into software or corrupting organisational databases.
  3. Threats to the availability of assets: These are threats that aim to deny use of assets by authorized users. The best-known example is a denial-of-service attack that aims to take down a website and so make it unavailable for external use.
4
Q

What are some controls to protect the assets?

A
  1. Authentication, where users of a system have to show that they are authorized to access the system.
  2. Encryption, where data is algorithmically scrambled so that an unauthorized reader cannot access the information.
  3. Firewalls, where incoming network packets are examined then accepted or rejected according to a set of organisational rules.
5
Q

What are the key stages in cyber resilience planning?

A
  1. Asset classification: The organisation’s hardware, software, and human assets are examined and classified depending on how essential they are to normal operations. They may be classed as critical, important, or useful.
  2. Threat identification: For each of the assets (or at least the critical and important assets), you should identify and classify threats to that asset.
  3. Threat recognition: For each threat or, sometimes, asset/threat pair, you should identify how an attack based on that threat might be recognized.
  4. Threat resistance: For each threat or asset/threat pair, you should identify possible resistance strategies.
  5. Asset recovery: For each critical asset or asset/threat pair, you should work out how that asset could be recovered in the event of a successful cyberattack.
  6. Asset reinstatement: This is a more general process of asset recovery where you define procedures to bring the system back into normal operation.
6
Q

What are the four characteristics that reflect an organization’s resilience?

A
  1. The ability to respond: Organisations have to be able to adapt their processes and procedures in response to risks. These risks may be anticipated risks or may be detected threats to the organisation and its systems.
  2. The ability to monitor: Organisations should monitor both their internal operations and their external environment for threats before they arise.
  3. The ability to anticipate: A resilient organisation should not simply focus on its current operations but should anticipate possible future events and changes that may affect its operations and resilience.
  4. The ability to learn: Organisational resilience can be improved by learning from experience. It is particularly important to learn from successful responses to adverse events such as the effective resistance of a cyberattack. Learning from success allows.
7
Q

What are the two ways to consider human error?

A

· The person approach: Errors are considered to be the responsibility of the individual and ‘unsafe acts’ (such as an operator failing to engage a safety barrier) are a consequence of individual carelessness or reckless behaviour.

· The systems approach: The basic assumption is that people are fallible and will make mistakes. People make mistakes because they are under pressure from high workloads, poor training or because of inappropriate system design.

8
Q

What are strategies to increase resilience?

A

· Reduce the probability of the occurrence of an external event that might trigger system failures.

· Increase the number of defensive layers. The more layers that you have in a system, the less likely it is that the holes will line up and a system failure occur.

· Design a system so that diverse types of barriers are included. The ‘holes’ will probably be in different places and so there is less chance of the holes lining up and failing to trap an error.

· Minimize the number of latent conditions in a system. This means reducing the number and size of system ‘holes’.

9
Q

What are the two closely related streams of work to design a system for resilience?

A
  1. Identifying critical services and assets: Critical services and assets are those elements of the system that allow a system to fulfil its primary purpose.
  2. Designing system components that support problem recognition, resistance, recovery, and reinstatement: Operators may have to authenticate with a hardware token to resist the possibility of unauthorized access. If the system fails, calls may be diverted to another centre so that the essential services are maintained.
10
Q

What is survivable systems analysis?

A

Survivable systems analysis is a method used to assess vulnerabilities in systems and to support the design of system architectures. It is a four-stage process that analyses the current or proposed system requirements and architecture, identifies critical services, attack scenarios, and system “soft spots”, and proposes changes to improve the survivability of the system.

11
Q

What is the four-stage process of survivable systems analysis?

A
  1. System understanding: For an existing or proposed system, review the goals of the system (sometimes called the mission objectives), the system requirements, and the system architecture.
  2. Critical service identification: The services that must always be maintained and the components that are required to maintain these services are identified.
  3. Attack simulation: Scenarios or use cases for possible attacks are identified, along with the system components that would be affected by these attacks.
  4. Survivability analysis: Components that are both essential and compromisable by an attack are identified, and survivability strategies based on resistance, recognition, and recovery are identified.