Research Article

Resilience in Cyber Security: International Frameworks, System Characteristics and Basic Implementation Model Proposal

Year 2026, Volume: 9 Issue: 2, 243 - 264, 08.02.2026
https://doi.org/10.32569/resilience.1677230
https://izlik.org/JA46BZ72GD

Abstract

In today’s rapidly digitalizing world, organizations must develop not only preventive measures against cyber threats but also comprehensive strategies to enhance their resilience in a sustainable manner. This study centers on the concept of cyber resilience, examining the structural and managerial attributes that enable modern information systems not only to be protected against attacks but also to maintain functionality during incidents and recover swiftly afterwards. Within the scope of the study, internationally recognized frameworks and standards such as NIST, ENISA, ISO/IEC 27001, COBIT, and ITIL are first analyzed. Subsequently, ten core system characteristics derived from these frameworks are identified and discussed. Additionally, for small and medium-sized organizations that may lack the capacity to fully implement these frameworks, a simplified Basic Resilience Framework consisting of six strategic steps is proposed. This model includes steps such as the identification of critical assets, secure architecture and segmentation, redundancy, monitoring, patch management, and emergency response planning, enabling organizations to establish a minimum level of cyber resilience. The study offers a comprehensive perspective on how cyber resilience can be developed across various organizational levels, providing both theoretical insights and practical applications.

Details

Primary Language: Turkish
Subjects: Information Systems (Other), Cyber Security and Privacy (Other)
Section: Research Article
Authors

Füsun Yavuzer Aslan 0000-0001-7096-3425

Bora Aslan 0000-0002-8069-8204

Submission Date: 15 April 2025
Acceptance Date: 11 December 2025
Publication Date: 8 February 2026
DOI https://doi.org/10.32569/resilience.1677230
IZ https://izlik.org/JA46BZ72GD
Published in Issue: Year 2026 Volume: 9 Issue: 2

Cite

APA Yavuzer Aslan, F., & Aslan, B. (2026). Siber Güvenlikte Dayanıklılık: Uluslararası Çerçeveler, Sistem Özellikleri ve Yalın Uygulama Modeli Önerisi. Resilience, 9(2), 243-264. https://doi.org/10.32569/resilience.1677230