The thought here is that some of these practices have not matured long enough, or cannot be proven solidly to work, but yet can prove to be of value and there must be captured and preserved as knowledge.
Any improved gains in resiliency, however, may be hard to measure or prove, especially against the metrics of a good enterprise security program that deploys proven technologies.