Journal of Enterprise Information Management (IF 7.4), Pub Date: 2024-10-09, DOI: 10.1108/jeim-06-2023-0317
Mark-Paul Sallos, Alexeis Garcia Perez, Anca Bocanet
Purpose
The drive for digitalisation has increased the scope of cyber threats which can exploit the growing footprint of information and communication technology infrastructure supporting modern societies. Despite substantial interest and efforts in researching and building organisational cyber resilience, the resulting body of work is heterogeneous and has yet to reach maturity. This paper aims to address the gap in the conceptualisation of cyber resilience in academic and practice-oriented grey literature.
Design/methodology/approach
In this conceptual paper, we firstly seek to explore the available foundations of resilience as a construct and consider how these can be applied to organisational cybersecurity. To that aim, this study employs a targeted literature review approach, incorporating systematic elements to ensure rigour. Literature was identified through comprehensive searches in key academic databases, reference chaining and expert recommendations. Articles were selected based on relevance and contribution to the field, resulting in a thematic analysis to identify gaps and propose a heuristic model for cyber resilience. With this approach, we aim to position the emerging view of cyber resilience relative to risk analysis, while highlighting its domain of “conceptual comparative advantage” – the types of applications it is best suited to address. Finally, a high-level heuristic model for cyber resilience is proposed, which functions across the relevant policy, strategy and operational dimensions while also considering its relationship with cyber risk management.
Findings
A conceptual model for organisational cyber resilience is proposed which helps position and frame research contributions in this domain relative to risk analysis, highlighting its domain of comparative advantage. The model integrates policy, strategy and operational dimensions, in a manner conducive to bridging foundations and applications of the concept of cyber risk management. The proposed model provides a critical point of reference to evaluate individual models, frameworks and tools.
Originality/value
This paper is a pioneering effort to overcome the current gaps between conceptual and practical views of cyber resilience. It proposes a new, risk-aligned view of the concept of cyber resilience and provides a structural foundation for further research and practice in the field.
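Title (translated from the Chinese listing): Organisational cyber resilience: a heuristic for bridging foundations and applications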