The tensions of cyber-resilience : from sensemaking to practice
Date
Contributor(s)
Advisor(s)
Published in
Conference Date
Conference Place
Publisher
Degree Level
Discipline
Keywords
- Cyber-resilience
- Risk management
- Cyber-risks
- Sensemaking
- Regulation
- Standardization
Funding organization(s)
Abstract
The growing sophistication, frequency and severity of cyberattacks targeting all sectors highlight their inevitability and the impossibility of completely protecting the integrity of critical computer systems. In this context, cyber-resilience offers an attractive alternative to the existing cybersecurity paradigm. We define cyber-resilience as the capacity to withstand, recover from and adapt to the external shocks caused by cyber-risks. This article seeks to provide a broader organizational understanding of cyber-resilience and the tensions associated with its implementation. We apply Weick’s (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals to uncover these tensions and how they reverberate across cyber-resilience practices.
Table of contents
Notes
Notes
Other language versions
Related research dataset(s)
Endorsement
Review
Supplemented By
Referenced By
License
