LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How does risk management differ from resilience as a security strategy?

Risk management = short-term, defends known risks on the existing system. Resilience = long-term survival, evolves the whole organisation to absorb any disruption.

Risk Management Resilience
Goal Short-term: avoid losses Long-term: ensure survival
Approach Management overlay on existing system, annual audit cycle Continuous, evolutionary, systemic
Measures Reactive, delegated Anticipating, shaping the future
Focus Limiting damage from known risks Preparing for any unknown disruption — adapt and learn
Responsibility Assigned risk managers + dedicated risk owners Embedded in the organisation, part of the culture

Why both are needed: RM is mechanical and audit-friendly — useful for board reporting, insurance, compliance. But it assumes the threats you'll face look like the ones you've already catalogued. Resilience covers the gap when reality surprises you (NotPetya, COVID, novel zero-days). The WEF's Cyber Resilience Index (CRI) is one published framework for measuring it.

Tip: A ball-in-a-bowl image is often used: RM tries to keep the ball still on a flat surface; resilience builds the bowl so the ball returns to centre after a kick.

From Quiz: ISF / Risk Management | Updated: Jul 14, 2026