The document discusses the concept of cyber resilience, defined as the ability to face challenges and recover stronger. Key points include the necessity of a strategic approach, developing and testing response and recovery plans, and continually updating those plans based on lessons learned. Effective communication is emphasized as essential for both upward and downward information flow.

1. CYBER RESILIENCE
APPROACH
DAVID J. CARTER
CISO, COMMONWEALTH OFFICE OF TECHNOLOGY

2. RESILIENCE DEFINED
The ability to stand up to challenges,
work through them step by step, and
bounce back stronger than you were
before.
Courtesy of the Urban Dictionary

3. THE COMPONENTS OF CYBER RESILIENCE

4. THIS IS NOT A STRATEGY . . .

5. NOR IS THIS . . .

6. THIS IS A STRATEGY

7. TEST YOUR STRATEGY
Test Now . . . . . NOT . . . . . Then

8. GET BUY IN

9. PRIMARY POINTS
• Hope and faith is good but you need a
strategy.
• Build the functional response and
recovery plans.
• Test those plans until they are second
nature.
• Evolve and tune the plan as a living
document.
• Feed the plan with lessons learned.
• Communicate down as well as up.