ABSTRACT
Resources should always be allocated to ensure the survival of the vital assets of the business, while the remainder of the investment goes in ensuring the noncritical things. Critical information is a separate concern, which is part of the priority item aspect of the cyber resilience process. The primary difference between cybersecurity and cyber resilience is that the perimeter controls and the recovery controls are designed and deployed in a planned fashion. The goal of the noncritical asset recovery process is to design and deploy a practical business mechanism to ensure that noncritical elements of organization’s asset base function survive in the event of an adverse event. An essential component of the preparedness planning process is the identification of business contingencies to address. The cyber resilience recovery planning process documents a formal set of asset recovery actions. The goal of the asset recovery process is to ensure the resilience of noncritical business assets whenever there is a loss or breach.
