Manifesto Chapter 02

The key to an effective cyber resilience strategy

An effective strategy starts by assuming that if your administrator can do it, an adversary can do it too. Resilience planning has to work from that premise.

If your administrator can do it, an adversary can do it.

Strategic recognition

Plan for compromise, not fantasy.

Resilience strategy fails when the organization plans around perfect protection. The stronger posture is to assume compromise, protect what matters most, and rehearse how the enterprise will keep operating anyway.

Core realities

  • A determined adversary will eventually find a path through some layer of the environment.
  • Administrator-level privileges represent an attacker end state, so strategy has to assume privileged compromise is possible.
  • The organization has to continue operating while detection, containment, and recovery are still unfolding.
  • Resilience is stronger when leadership, architecture, and operations plan for compromise instead of denying it.

Ten abilities of a resilient organization

Strategy is expressed here as a set of organizational abilities. These are the capabilities the enterprise should be able to demonstrate before, during, and after a serious cyber event.

1. Predict adversary attacks

Understand how likely attackers operate, where they are most likely to strike, and which critical dependencies they will target first.

2. Prevent adversary attacks

Apply practical controls that reduce initial access opportunities without pretending prevention alone is enough.

3. Prepare for adversary attacks

Build playbooks, alternate processes, and decision authority before the enterprise is under pressure.

4. Fight through cyberattacks

Keep essential functions moving while the organization absorbs disruption and makes time-sensitive tradeoffs.

5. Contain or defeat the adversary

Limit the attacker's room to maneuver and remove them before the compromise becomes organizationally catastrophic.

6. Determine damages caused by a cyber adversary

Measure operational, technical, and business impact quickly enough to support recovery priorities and executive decisions.

7. Restore

Recover systems, data, and trusted workflows in an order that protects the enterprise's most important outcomes.

8. Determine reliability

Verify that restored capabilities are actually trustworthy before the organization depends on them at scale again.

9. Transform existing processes and behavior

Change routines, incentives, and operating assumptions so resilience becomes normal rather than exceptional.

10. Re-architect

Use what was learned to reshape systems, dependencies, and governance so the next attack is less damaging.
