Resilience Measurement and Analysis
As organizations strive to improve their ability to effectively manage operational resilience, it is essential that they have an approach for determining what measures best inform the extent to which they are meeting their performance objectives. (Operational resilience comprises the disciplines of security, business continuity, and aspects of IT operations.)
The resilience measurement and analysis research project is focused on addressing the following questions:
- How resilient is my organization?
- Have our processes made us more resilient?
And to inform these, answering this question:
- What should be measured to determine if process performance objectives for operational resilience are being achieved?
Our work thus far has produced the following resources for measuring operational resilience:
- an approach for deriving meaningful measures from operational resilience objectives
- six high-level objectives for managing operational resilience
- a set of "top ten" strategic measures derived from the operational resilience objectives
- an update of all process implementation and effectiveness measures listed in Generic Goal 2, Generic Practice 8, "Monitor and Control the Process," in each of the 26 process areas of the CERT Resilience Management Model (CERT-RMM) v1.1
- identification of more than 30 measures that apply to all 26 CERT-RMM process areas
- guidance and templates for defining processes and procedures for use as a context for selecting and defining operational resilience measures
- a template that can be used for defining resilience measures