EU Agency Presents the First Report Ever on how to Measure IT Resilience

"If you Cannot Measure, it you Cannot Improve it!" - Lord Kelvin / EU Agency Presents the First Comprehensive Report on Metrics and Measurements in Network and Service Resilience, Uncovering a Lack of Standards & Coherency

Heraklion, Crete, (PresseBox) - Business and governments are all reliant on secure networks, but how do you measure the resilience of these networks? The European Network and Information Security Agency (ENISA) has published the 'Main Challenges and Recommendations on Network and Service Resilience Metrics' report, as well as a technical report. These are the first ever reports in Europe to address this area's lack of holistic review.

Metrics and a measurement framework are essential to the assessment of practices and policies to improve network and service resilience. The desktop research done by ENISA shows that a) there are very few existing frameworks and not one is globally acceptable; b) there are no standard practices, as different organisations use diverse sets of baseline metrics and frameworks; and c) it is difficult to combine or aggregate diverse frameworks in a high-level assessment.

The main resilience metrics challenges include:

- A lack of standard practices across the industry and public sectors
- Organisations using own-specific approaches and means to measure resilience, if at all;
- Resilience metrics being difficult to deploy, due to lack of knowledge and awareness;
- A lack of analysis, long and active co-operation towards a common understanding and approach;
- The usefulness and value of resilience metrics declining when complexity increases; and
- A lack of tools and solutions.

The key consensus recommendations are:

- To create a common understanding and practice or standard of resilience metrics (Taxonomy, Description and set of baseline metrics, Impact factors);
- To undertake further research on open issues in resilience metrics (Aggregation, Composition, Thresholds, Data Analysis);
- To develop tools and software to automate the deployment of resilience measurements;
- To collect and analyse data;
- To promote good practices and information sharing; and
- To deploy a conservative approach to introducing metrics (i.e. to start with a small set of metrics).

The technical report is a first step towards building a common understanding, good practices and standards for resilience metrics. It holistically reviews the existing frameworks, models, classification of metrics, and baseline metrics.

"It is imperative for Critical Information Infrastructures Protection to be able to accurately measure the security and resilience in Europe ", ," says Prof. Udo Helmbrecht, Executive Director of ENISA.

A new video clip on resilience metrics is available unter http://www.enisa.europa.eu/....

For background EU framework:

Critical Information Infrastructure Protection (CIIP) Action Plan
http://ec.europa.eu/...

Digital Agenda
http://ec.europa.eu/...

For full papers; http://www.enisa.europa.eu/...

Press releases you might also be interested in

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.