Continuously redefine mitigations around critical assets
Identify the impacts and risks emerging from the attack surface and the external threat landscape, then adjust defensive architecture to keep protecting what matters most.
A state-of-the-art cyber-resilient enterprise can achieve a small number of high-value outcomes that prove resilience is operational, not rhetorical.
Complexity is the enemy of good resilience.
Each outcome describes a visible organizational state that strong resilience programs should be able to produce.
Build risk, architecture, and operating processes so resilience is embedded by default instead of added only after a major event.
Protect the systems and dependencies the enterprise would need if it had to endure a sustained campaign from an advanced adversary.
Identify assets that could be turned against the company and maintain the emergency capabilities required to recover from broad compromise.
Prepare personnel with the tested resources, clear responsibilities, and practiced behaviors required to respond effectively during real incidents.
Use lessons from peers that appeared resilient but were still operationally incapacitated by advanced adversaries.
Track capabilities, compare against peers, and turn resilience into business intelligence early enough to act before damage becomes existential.