Manifesto Chapter 04

Cyber resilience architecture

To become truly cyber resilient, the organization has to be architected for uncertainty, compromise, and the unknown.

To become truly cyber resilient, you must architect the organization to prepare for the unknown.

Five architectural principles

Resilient architecture is not a wall. It is an operating design that can keep the enterprise functional through disruption, uncertainty, and sustained compromise.

01

Limited resources, deliberate focus

Architecture has to acknowledge that money, time, and attention are finite. The design question is where to concentrate them so critical assets remain defensible and recoverable.

02

Agility and adaptability

A resilient enterprise must be able to change course quickly as the threat picture, dependencies, or mission requirements shift.

03

Attack-surface reduction

The more exposed pathways and unnecessary complexity an enterprise carries, the easier it is for an attacker to move. Reduce what does not need to exist.

04

Minimum acceptable performance under compromise

Systems may remain degraded or compromised for long periods. Architecture should still preserve a minimum acceptable level of performance across multiple operating states.

05

Resilience against unforeseen attacks

The organization will face techniques it did not predict. Good architecture therefore emphasizes graceful degradation, modular recovery, and options that still work when assumptions fail.
