January’s security awareness topic is resilience
Outline and scope
Resilience is a valuable concept in business and life as a whole. It involves ‘bending not breaking’, in other words making or arranging things such that
issues or incidents aren’t disastrous or terminal, although damage may be sustained. Resilient things aren’t necessarily invulnerable but they are
definitely not fragile. In the lingo, their performance degrades gradually or gracefully. Mostly, they just keep going.
In relation to information security, resilience is a form of control, a security approach supporting business continuity and information risk management.
As with ‘oversight’ (last month’s awareness topic), it is a very broadly applicable control. There are situations where resilience isn’t helpful but they are
far outnumbered by those where resilience makes business sense. Examples:
Resilient databases and other software applications are designed to trap and deal appropriately with data or system errors and attacks that might otherwise cause failures, security breaches and other problems;
Resilient IT devices are physically robust enough to keep running despite various electrical problems, knocks and mechanical stresses, extreme temperatures, old age etc.;
Resilient communications mechanisms can be relied upon to ‘get the message through’ when other less-resilient methods slow to a crawl or stop working completely;
Resilient facilities are barely affected by threats such as fires, floods and power glitches: vital characteristics of, say, communications hubs and crisis
Resilient business processes exploit every opportunity to cope with challenges ranging from shortages of raw materials and workers through tough competition to global recession and war;
Resilient people are less affected than most by crisis situations: somehow they have the physical and mental capacity to think more clearly and get on with important stuff when others are rendered incapable, perhaps literally falling in a heap;
Resilient workforces extend the approach to the level of teams, departments, business units, organizations, perhaps even entire industries and nations. They have the resolve, determination and resourcefulness to make it through whatever challenges they face, often by pooling resources and helping each other out. Collaboration, teamwork and motivation are part of resilience.
Cost is probably the main issue with resilience: while basic approaches are essentially free or cheap, more sophisticated arrangements tend to require
more substantial planning, effort and investment. Awareness secures the benefits of resilience with relatively little cost, for example by convincing
workers that their own preparation, readiness and response to various crises have implications for their wellbeing and survival plus that of colleagues and
the organization. We’re putting people into a more positive frame of mind. At least, that’s the plan!
Although security-aware workers are an important defensive control, in a truly resilient organization awareness and training are merely parts of a
comprehensive suite of layered, overlapping and complementary information security controls – including incident, risk and business continuity
management. The NoticeBored materials directly address management and professionals as well as the general workforce since they have distinct roles in making the organization resilient.
January’s security awareness and training materials:
Introduce the concept of resilience, providing general context and background information;
Expand on the associated information risk and security aspects (e.g. resilient information systems are less likely to succumb to power cuts, hacks, viruses and bugs);
Put workers generally in a positive frame of mind, more resilient and willing to get through situations that might otherwise overwhelm them;
Impress on managers and professionals the value of proactively engineering things to maximize their resilience, especially business- and
Consider your objectives for this awareness and training topic. Is the organization’s resilience important enough to justify making sure everyone is up to
speed in this area? Do you agree that resilience is a company-wide cultural issue, an integral and vital part of business continuity management? Are there particular messages you’d like to put across, specific concerns or points to emphasize?
Sure, you could research and prepare a suite of awareness materials on resilience if only you had the competent professionals to do it, or the time and
inclination to do it yourself. Alternatively, kick off 2019 with NoticeBored. We’ll get your awareness and training program off to a flying start, sustaining
and systematically improving it over the months and years ahead.
Get this module
Subscribe to the NoticeBored service to receive this module, plus similar batches of security awareness and training materials delivered fresh to your
organization every month. We offer a wealth of top-quality creative content on a market-leading range of information risk and security topics making it
easy and economic for you to run a world-class security awareness and training program.
Email us to set the ball rolling. Find out what it takes to get your security awareness and training program quickly up to speed, for a lot less than you
might think. We’re a small company with a big reputation for quality and innovation.
If you only want this module, then yes we can do that too.
Tag along with us on NBlog as we work on the next awareness topic. In addition to clues about what’s coming up, we share hints and tips on making
security awareness more effective.