Cyber-preparedness: Try the Five Minute Micro-Exercise

Cyber-preparedness: Try the Five Minute Micro-Exercise

Cybersecurity continues to be an evolving threat to the public and to our nation.

Micro-exercising is a concept in physical fitness where people engage in a short, targeted workout or slightly increase the intensity of a normal activity in whatever location or during whatever time they have available – think taking the stairs versus the elevator, or working while standing up instead of sitting at your desk. In the same vein, we can apply a similar approach to cyber-preparedness, as we recognize the number of vulnerabilities created through users’ behavior, activities, or other human errors.

Protecting networks and critical infrastructure from malicious attacks, equipment failure, human errors, and honest mistakes involves applying overlapping security controls in the context of strategies that may be opaque or seem incredibly complex to an authorized system user. When that happens, people may become less conscious of their activities as they are either overwhelmed with information or they think, “Someone else is taking care of this.” While that is often true and even as cybersecurity techniques evolve with proactive technologies to remove vulnerabilities or stem an attack before it happens, we still find that we often react to cyber incidents after the fact.

Enter the micro-exercise. Cybersecurity exercises that receive the most publicity are national in scale and have a broad scope intended to test, validate, or identify weaknesses in large-scale cybersecurity strategy. Beyond that, I often wonder how many system users actually get to participate in any cyber-exercise. I suspect it is not very many and, therefore, people may not have had the opportunity to reflect or understand cybersecurity best practices or response methods.

Managers have an opportunity, and potentially a responsibility to their organization, to provide that opportunity by starting with a simple question: “What would you do if you receive an email with an attachment from someone you don’t know?”  Or, “You see an antivirus alert on your computer, so you…?”  Or, “You are unexpectedly prompted to enter your user ID and password. Should you do that? Should you report it?”

It does not take a full-scale exercise to keep a network healthy. 

Ask the question in a staff meeting and have a five-minute conversation about what should happen next. If people don’t know the answer, rather than being “wrong”, it may mean that there is an opportunity to direct them to an authoritative source, to some awareness materials, or that there is a gap in policy, procedure, or awareness that can be addressed with the IT organization. When this is the case, they will be glad you asked.

Blog Cybersecurity

Contributors

* Arc Aspicio | Arc Aspicio is an information technology and management consulting company that focuses on homeland security and intelligence. Our services include strategy and planning, business architecture, strategic communications, mission/technology alignment, information technology, and program management. Arc Aspicio is building a community that promotes collaboration, continuous learning, innovation, and intelligence to improve homeland security. For more information, please visit www.arcaspicio.com.

Contact Information
Lynn Ann Casey / Chief Executive Officer
info@arcaspicio.com
703.465.2060

A Leader’s Most Influential Tool: Gratitude

A Leader’s Most Influential Tool: Gratitude

Gratitude is one of a great leader’s most powerful tools. It creates positive energy among an organization and the sense of appreciation permeates through the work the collective group is performing. Influential leaders listen to the needs of their colleagues and express gratitude. This helps them bring out the potential in the people they lead and inspire them to achieve what is most important to them and to the project.

The Design Era of Project Management

The Design Era of Project Management

Project Management best practices and methods continue to evolve to address the biggest challenges Government agencies face in today’s market. The increased use of Agile and the move from traditional waterfall methodologies is fairly common in Information Technologies. Projects use Agile methods such as Scrum or Kanban, and organizations invest a lot of time and effort to make this cultural shift on projects.

Data: Lost in Translation No More

Data: Lost in Translation No More

The rise of Big Data technologies and data-driven approaches of business functions has created a demand for data architects and scientists that is growing by as much as 12% annually. These highly technical resources and capabilities address part of the challenge, but organizations still struggle with how to effectively use the data they have to make timely and informed decisions to improve business and mission outcomes.

Great Meetings with IT Customers in an Agile World

Great Meetings with IT Customers in an Agile World

Meetings are an essential part of day-to-day work and collaboration in every organization. There are an estimated 37 million meetings every day in the United States, yet up to 67 percent are considered failures. Sources estimate the cost of unproductive meetings in the billions and say meetings may take up 15% of an organization’s collective time.

Not Made for TV: The Critical Behind-the-Scenes Continuity Mission

Not Made for TV: The Critical Behind-the-Scenes Continuity Mission

Back in the public spotlight for the first time since the Cold War thanks to the new ABC drama Designated Survivor, Continuity of Government (COG) is a lesser-known mission in the portfolio of the Department of Homeland Security (DHS) and its Federal Emergency Management Agency. As a concept, its origins lie in the dawn of the atomic era, when the new possibility of simultaneous nationwide devastation created the need for contingency plans for the worst cases imaginable.

General Services Administration Awards Arc Aspicio HCaTS Contract

Arlington, VA December 12, 2016 — The General Services Administration (GSA) and Office of Personnel Management (OPM) awarded Arc Aspicio the Human Capital and Training Solution (HCaTS) Small Business contract on December 7, 2016. This Multiple Award, Indefinite-Delivery, Indefinite-Quantity (IDIQ) is a government-wide contract that was awarded to vendors in two different pools. Arc Aspicio’s contract is in Pool 2, which supports customized human capital strategy services and organizational performance improvement.