We believe the best way of building resilience is through deliberately exposing the organizational attack surface to realistic yet controlled cyber attacks that are based on threat intelligence and business impact models.
The cyber attacks validate in practice the organization’s planned security measures: plans and designs, processes and operations, mechanisms and people, competence and awareness.
Resilience only emerges when technology, management and people support each other by design: aware and competent people using the correct technology in managed, metrics-driven manner.
The philosophy of the resilience is the capability to cope with expected and unexpected change: no process is ever perfect, no technology attack-proof, no man immune to manipulation.
Reflect the past, sense the present, forecast the change.