A Study on Developing Assessment indicators for Cyber Resilience

사이버 레질리언스 평가지표 개발에 관한 연구

  • Kim, Sujin (Dept. of Security Convergence, The Graduate School of Chung-Ang Univ.) ;
  • Kim, Jungduk (Dept. of Industrial Security, The College of Business & Economics of Chung-Ang Univ.)
  • 김수진 (중앙대학교 융합보안학과) ;
  • 김정덕 (중앙대학교 산업보안학과)
  • Received : 2017.07.03
  • Accepted : 2017.08.20
  • Published : 2017.08.28


Recently, cyber resilience has emerged as an important concept, recognizing that there is no perfect security. However, domestic researches on cyber resilience are insufficient. In this study, the 22 indicators for cyber resilience assessment were initially developed by the literature survey and discussions with security experts. The developed indicators are reviewed using the Focus Group Interview method in terms of materiality and feasibility of the indicators. This study derived meaningful and useful indicators for the assessment of cyber resilience, and it is expected to be used as a foundation for the future cyber resilience studies. In order to generalize and apply the results of this study in practice, it is necessary to carry out quantitative researches in the future.


Cyber Resilience;Cybersecurity;Security Indicator;Risk Management;Security Controls


Supported by : Chung-Ang University


  1. J. D. Kim and C. G. Jin, "International Standardization Trends and Issues of Cyber Resilience", Review of KIISC, Vol. 26, No. 4, pp. 11-15, 2016.
  2. Gartner, "Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware", 2014.
  3. World Economy Forum, "Collaboration with Deloitte, Risk and Responsibility in a Hyper connected World: Pathways to Global Cyber Resilience", Geneva: World Economic Forum, 2012.
  4. Gartner, "Prevention is Futile in 2020: Protect Information via Pervasive Monitoring and Collective Intelligence", 2013.
  5. Korea National Disaster Management Institute, "Development of Community Resilience Framework", 2013.
  6. H. S. Lyu, "A Study on Cyber Security Policy and Governance in the ICT Convergence Environment: Focused on "Authentication", Korea Institute of Public Administration, pp.58-89, 2015.
  7. Ernst&Young, "Achieving Resilience in the cyber ecosystem", 2014.
  8. S. A. Merrell, A. P. Moore and J. F. Stevens, "Goal-based assessment for the cyber security of critical infrastructure", IEEE International Conference on Technologies for Homeland Security, pp.84-88, 2010.
  9. Deborah B. and Graubart R. "Cyber Resiliency Engineering Framework", MITRE Report, 2011.
  10. Fredrik Bjorck, Martin Henkel, Janis Stirna and Jelena Zdravkovic, "Advances in Intelligent Systems and Computing", Springer, Vol.353, pp.311-317, 2015.
  11. Symantec, "The Cyber Resilience Blueprint-A New Perspective on Security", 2014.
  12. Carnegie Mellon University, "CERT(R) Resilience Management Model. 1.0", 2010.
  13. World Economic Forum, "Advancing Cyber Resilience principles tool", 2017.
  14. Bank for International Settlements and International Organization of Securities Commission, "2016 Guidance on cyber resilience for financial market infrastructures", 2016.
  15. H. S. Lyu, H. J. Cho and H. A. Lee, "A Study on Priorities of Cyber Security Policy and Governance", Crisisnomy, Vol. 12, No. 8, pp.86-103, 2016.
  16. S. K Hong, "Megatrend: Digital Future and Cyber Security Service of Accounting Corporation", Ernst&Young Eyesight, Vol. 13, pp.37-42, 2017.
  17. Gartner, "Use Six Principles of Resilience to Address Digital Business Risk and Security", 2015.
  18. The Scottish Government, "Consultation on proposal for a Cyber Resilience Strategy for Scotland. Glasgow: Cyber Resilience Policy Team", 2015.
  19. PricewaterhouseCoopers, "Insurance 2020 & beyond: Reaping the dividends of cyber resilience. New york: PricewaterhouseCoopers LLP", 2015.
  20. M. Choras, M. P. T. Bruna, A. Churchill, I. Eguinoa, R. Kozik, A. Yautsikhin, I. Maciejewska and A. Jomni, "Comprehensive Approach to Increase Cyber Security and Resilience: CAMINO Roadmap and Research Agenda", Availability, Reliability and Security 2015 10th International Conference on, pp. 686-692, 2015.
  21. I. H. Cha, "An Empirical Research on Developing Personnel Security Management Indicators in Information Security", Ph.D. dissertation, p.123, Quarterly Resource, Kwangwoon University, 2009.