A Short Guide to Infrastructure Security and Resiliency (2023)

November is Critical Infrastructure Security and Resilience Month. Recently, we shared tips for protecting each designated critical infrastructure sector:

Critical Infrastructure and Public Protection Strategies: Part 1

(Video) School Security and Resilience

Critical Infrastructure and Public Protection Strategies: Part 2

In this blog post, we’ll look into what security and resiliency really mean for critical infrastructures such as water monitoring systems and emergency services. We’ll also examine how any organization, regardless of industry, can measure risk and improve its cyber defenses.

Start with infrastructure security

At CIS®, we encourage users to start secure and stay secure. But what does security really mean? For critical infrastructure sectors, security is defined by Presidential Policy Directive 21 (PPD-21):

(Video) Infrastructure Resiliency and Continuity of Operations

The terms ‘secure’ and ‘security’ refer to reducing the risk to critical infrastructure by physical means or defense cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.

Organizations can implement security in different ways, including both physical and cybersecurity measures. Examples include:

  • Installing ID badge verification at doorways
  • Using security fencing around buildings
  • Deploying network monitoring
  • Locking devices (such as laptops and cell phones) when not in use

Build with resilience

According to the same policy directive (PPD-21), critical infrastructure sectors should strive for resilience:

(Video) Critical Infrastructure Resilience Webinar

The term ‘resilience’ means the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

As with security, there are both physical- and cyber-resilience strategies organizations undertake, such as:

  • Having a backup power generator
  • Developing a business continuity plan
  • Building with materials appropriate to the area’s natural risks
  • Implementing annual cybersecurity training for employees

Manage the risk

One key concept behind both security and resiliency is managing risk. PPD-21 explains that critical infrastructure “owners and operators are uniquely positioned to manage risks to their individual operations and assets, and to determine effective strategies to make them more secure and resilient.”

(Video) Azure Master Class v2 - Module 4 - Resiliency

Cyber risks include DDoS attacks, malware, phishing scams, data breaches, and more. So how can critical infrastructure sectors and other organizations get prepared? To help organizations understand and mitigate cyber risks, we offer a free resource known as CIS RAM (CIS Risk Assessment Method). CIS RAM helps organizations conduct a cyber risk assessment and implement cybersecurity best practices found in the CIS Controls™. The method provides three pathways based on your organization’s experience with cyber risk:

  • For organizations new to risk analysis, CIS RAM provides instructions for modeling threats against the CIS Controls.
  • CIS RAM helps organizations more experienced with cybersecurity model threats against information assets.
  • For cyber risk experts, CIS RAM offers instructions for analyzing risks based on “attack paths.”

The Road Ahead

Building organizational security and resiliency can be especially challenging when dealing with cyber threats. By conducting a cyber risk assessment, organizations can invest time upfront to ensure they are implementing informed policies and processes. This helps ensure security controls are effective against real-world threats. CIS RAM is one method to help organizations get started and assess against risk-based cybersecurity models.


What are the 3 types of infrastructure security? ›

Access Control: The prevention of unauthorized users and devices from accessing the network. Application Security: Security measures are placed on hardware and software to lock down potential vulnerabilities. Firewalls: Gatekeeping devices that can allow or prevent specific traffic from entering or leaving the network.

What are the 5 areas of infrastructure security? ›

Infrastructure Security
  • Chemical Sector.
  • Commercial Facilities Sector.
  • Communications Sector.
  • Critical Manufacturing Sector.
  • Dams Sector.
  • Defense Industrial Base Sector.
  • Emergency Services Sector.
  • Energy Sector.
Oct 21, 2020

What are the five 5 key points to be considered before implementing security strategy? ›

5 Components to a Proactive Security Strategy
  • #1: Get visibility of all your assets. ...
  • #2: Leverage modern and intelligent technology. ...
  • #3: Connect your security solutions. ...
  • #4: Adopt comprehensive and consistent training methods. ...
  • #5: Implement response procedures to mitigate risk.
Nov 1, 2018

What is the three 3 elements of critical infrastructure? ›

The three interwoven elements of critical infrastructure (physical, cyber and human) are explicitly identified and should be integrated throughout the steps of the framework, as appropriate.

What are the 3 P's of security? ›

Like a football or soccer team, security also has two lineups that must be continuously managed. One lineup involves protecting the digital assets and data of a business.

What are the 3 A's in security? ›

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

What are the 7 layers of security? ›

7 Layers of Security
  • Information Security Policies. These policies are the foundation of the security and well-being of our resources. ...
  • Physical Security. ...
  • Secure Networks and Systems. ...
  • Vulnerability Programs. ...
  • Strong Access Control Measures. ...
  • Protect and Backup Data. ...
  • Monitor and Test Your Systems.

What are the 4 layers of security? ›

The four basic layers of physical security are design, control, detection, and identification. For each of these layers, there are different options that can be utilized for security. Physical security design refers to any structure that can be built or installed to deter, impede, or stop an attack from occurring.

What are the 6 types of security? ›

What are the 6 types of security infrastructure systems?
  • Access Controls. The act of restricting access to sensitive data or systems enables your enterprise to mitigate the potential risks associated with data exposure. ...
  • Application Security. ...
  • Behavioral Analytics. ...
  • Firewalls. ...
  • Virtual Private Networks. ...
  • Wireless Security.
Feb 22, 2022

What are the four key critical infrastructures? ›

To illustrate dependencies among critical systems, let's take a more in-depth look at some of the most universally important infrastructure sectors – Communications, Energy, Transportation, and Water.

What are the 3 most important pillars of information security? ›

3 Pillars of Data Security: Confidentiality, Integrity &...
  • Confidentiality — You need to know your data is protected from unauthorized access.
  • Integrity — You have to be able to trust your data.
  • Availability — You need to be able to access your data.
Jun 21, 2022

What are 3 ways a person can build resilience? ›

Tips to improve your resilience
  • Get connected. Building strong, positive relationships with loved ones and friends can provide you with needed support, guidance and acceptance in good and bad times. ...
  • Make every day meaningful. ...
  • Learn from experience. ...
  • Remain hopeful. ...
  • Take care of yourself. ...
  • Be proactive.

How do you ensure infrastructure security? ›

How to Make Your IT Infrastructure More Secure
  1. Have experts conduct an IT assessment/audit and planning. ...
  2. Create and enforce IT security policies. ...
  3. Enforce a strong password policy. ...
  4. Back-up your data. ...
  5. Always update your anti-virus software. ...
  6. Update workstations and software. ...
  7. Update your firewall.

What are the basic security tips? ›

General Security Tips for Homeowners
  • Always close and lock garage doors and windows.
  • Be alert for unusual activities. ...
  • Be careful about admitting strangers. ...
  • Do not keep valuable items near windows with open drapes.
  • Empty your mailbox or have someone empty it for you.

What are the 6 components of infrastructure? ›

Also, the six elements are common to each process or function. These elements include business policies, business processes, people and organization, management reports, methodologies, and systems and data.

What are the five components of infrastructure? ›

Hardware, software, data management technology, network infrastructure, and information systems comprise IT infrastructure components.

What are the example of critical infrastructure give at least 5? ›

Critical infrastructure includes the vast network of highways, connecting bridges and tunnels, railways, utilities and buildings necessary to maintain normalcy in daily life. Transportation, commerce, clean water and electricity all rely on these vital systems.

What are the five fundamentals of security? ›

Successful security operations depend on properly applying five fundamentals:
  • Provide early and accurate warning.
  • Provide reaction time and maneuver space.
  • Orient on the force or facility to be secured.
  • Perform continuous reconnaissance.
  • Maintain enemy contact.

What are the four examples of infrastructure? ›

Examples of infrastructure include transportation systems, communication networks, sewage, water, and school systems.

What are the basic elements of infrastructure and their importance? ›

In an organization or for a country, a basic infrastructure includes communication and transportation, sewage, water, education system, health system, clean drinking water, and monetary system. A country's economic and social development is directly dependent on a country's infrastructure.

What are the most crucial infrastructure requirements? ›

“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private.”

What are 3 D's of security in security in computing? ›

That is where the three D's of security come in: deter, detect, and delay. The three D's are a way for an organization to reduce the probability of an incident.

What are the 5 pillars of NIST? ›

5 Domains of the NIST Security Framework. The five domains in the NIST framework are the pillars support the creation of a holistic and successful cybersecurity plan. They include identify, protect, detect, respond, and recover.

What is the single largest threat to information security? ›

1) Phishing Attacks

The biggest, most damaging and most widespread threat facing small businesses is phishing attacks. Phishing accounts for 90% of all breaches that organizations face, they've grown 65% over the last year, and they account for over $12 billion in business losses.

What are the 7 C's of resilience? ›

Dr Ginsburg, child paediatrician and human development expert, proposes that there are 7 integral and interrelated components that make up being resilient – competence, confidence, connection, character, contribution, coping and control.

What are the five 5 skills of resilient person? ›

Resilience is made up of five pillars: Self Awareness, Mindfulness, Self Care, Positive Relationships and Purpose.
  • Self awareness. ...
  • Mindfulness. ...
  • Self care. ...
  • Positive relationships. ...
  • Purpose.

What are 5 examples of being resilient? ›

An Example of Resilient Behavior
  • Viewing setbacks as impermanent.
  • Reframing setbacks as opportunities for growth.
  • Recognizing cognitive distortions as false beliefs.
  • Managing strong emotions and impulses.
  • Focusing on events you can control.
  • Not seeing yourself as a victim.
  • Committing to all aspects of your life.
Jan 20, 2019

What is the meaning of infrastructure security? ›

Infrastructure security is the practice of protecting critical systems and assets against physical and cyber threats. From an IT standpoint, this typically includes hardware and software assets such as end-user devices, data center resources, networking systems, and cloud resources.

Why is infrastructure security important? ›

Infrastructure security, which includes critical infrastructure security, is critical both for preventing damage to technology assets and data due to attack or disaster. It's also necessary for minimizing the amount of damage in the event of a successful attack or if a disaster occurs.

What are the 4s of resilience plan? ›

My co-presenter and I discussed our formula of what we call the four "R's": recognize, respond, reframe, and role model.

What are the 7 steps to cyber resilience? ›

Shift to cyber resilience: 7 steps to a better security approach
  1. Invest in SOAR to improve detection and response times. ...
  2. Adopt zero trust to control access to sensitive data. ...
  3. Stress-test your incident response plan to boost resilience. ...
  4. Use tools to protect and monitor endpoints, remote employees.

What are the 5 pillars associated with building resilience? ›

Resilience is made up of five pillars: Self Awareness, Mindfulness, Self Care, Positive Relationships and Purpose.

What are the 3 P's of resilience? ›

Seligman's 3Ps Model of Resilience

These three Ps – personalization, pervasiveness, and permanence – refer to three emotional reactions that we tend to have to adversity.

What are the 7 pillars of resilience? ›

Here's a few techniques for strengthening the 7 pillars of resilience.
  • Emotional regulation. Emotional regulation is the ability to identify what you are feeling and the ability to control your feelings when necessary. ...
  • Impulse control. ...
  • Realistic optimism. ...
  • Causal analysis. ...
  • Empathy. ...
  • Self-efficacy. ...
  • Reaching out.

What are the 5 C's of cyber security? ›

The five C's of cyber security are five areas that are of significant importance to all organizations. They are change, compliance, cost, continuity, and coverage. The top priority of organizations all over is having security protective of their digital and physical assets.

What are the four 4 cybersecurity protocols? ›

Four security protocols to protect the new normal, a hybrid...
  • Access Control.
  • Authentication.
  • Information Protection.
  • Automated Monitoring.
Mar 16, 2022

What are the 9 strategies to build resilience? ›

Here are 9 tips to get you started on building your own resiliency skills.
  • Shift into neutral. When you feel stressed, take a moment to check your “self-talk,” Singer advises. ...
  • Create your mantra. ...
  • Understand what's happening. ...
  • Spread out stressors. ...
  • Put you first. ...
  • Make life mindful. ...
  • Take care physically. ...
  • Reach for support.

What are the 6 resilience skills? ›

What are The 6 Pillars Of Resilience?
  • Satisfaction with Lifestyle. People who lead a satisfying & fulfiling life tend to cope better with stress & adversity. ...
  • Supportive Relationships. ...
  • Physical Wellbeing. ...
  • Solution-Focused Coping. ...
  • Emotion-Focused Coping. ...
  • Positive Beliefs.

What is the most important infrastructure? ›

Critical infrastructure includes the vast network of highways, connecting bridges and tunnels, railways, utilities and buildings necessary to maintain normalcy in daily life. Transportation, commerce, clean water and electricity all rely on these vital systems.


1. It's NOT about SECURITY. It's about RESILIENCY!
(REAL security)
2. 2022-06-15: Critical Infrastructure Resilience - Concepts, Frameworks, & Strategies (Dr. Thomas)
(Incose Chesapeake)
3. Risk Managing Buildings and Infrastructure for Climate Change - A Guide to Resiliency Webinar
(Pinchin Ltd.)
4. Building Infrastructure Resilience
(DHS Science and Technology Directorate)
5. ASIS GSX 2019 Introduction to Critical Infrastructure Resilience Presentation
(Justin Kates)
6. CIRI Webinar Series: "An Intro to DHS’s Role in Protecting Critical Infrastructure"
(Critical Infrastructure Resilience Institute)
Top Articles
Latest Posts
Article information

Author: Greg Kuvalis

Last Updated: 02/07/2023

Views: 5467

Rating: 4.4 / 5 (75 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Greg Kuvalis

Birthday: 1996-12-20

Address: 53157 Trantow Inlet, Townemouth, FL 92564-0267

Phone: +68218650356656

Job: IT Representative

Hobby: Knitting, Amateur radio, Skiing, Running, Mountain biking, Slacklining, Electronics

Introduction: My name is Greg Kuvalis, I am a witty, spotless, beautiful, charming, delightful, thankful, beautiful person who loves writing and wants to share my knowledge and understanding with you.