Cybersecurity: Don’t Forget the Management Fundamentals

Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs.

Even if not impenetrable, these organizations are at least harder to breach and therefore less attractive targets than the next organization. It may be tempting to assume that new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.

One of the most important skills a successful businessperson cultivates is the ability to properly allocate resources to achieve maximum results. Resource allocation decisions vary according to many factors, but the decision-making process is crucial, if not dependent on the business environment. Cybersecurity programs, often but not always governed by business needs, are constrained by limited resources while facing potentially unlimited threats.

Resource allocation decisions are especially acute given the asymmetric nature of cyber-warfare: relatively small numbers of attackers successfully penetrate enterprises that have dramatically more resources and equipment. The decisions for allocating cybersecurity program resources must be driven by a sound process that includes risk assessment, leading to a risk-based allocation of resources.

One approach to allocating resources according to risk begins with documenting every step, process, piece of equipment, or software between computer hosts and people at each end of a transaction. In this case, you might consider one attack scenario a “transaction.” Draw it out and consider where vulnerabilities might be (all of them…there will be a lot), which ones are mitigated already (hopefully, also a lot), what systems and applications are already hardened, where security tooling can apply, how and where people are trained (everyone should be trained according to their role), and where gaps exist. In practice, this process can be complicated. Organizations may not be able to map the transaction process from end to end, and it may extend beyond their networks. Think about it conceptually, then divide the concept into manageable chunks (mobile, perimeter, internal, training, etc.). Taking small steps in the aggregate builds a holistic program and injects expert knowledge of likely risks.

Sometimes it is worthwhile to pass up new capabilities and apply resources elsewhere to reduce risk.

For example, a Chief Information Security Officer of a large multinational company had new information technology assets popping up “like popcorn” because the company was continually acquiring smaller companies. In these cases, an external threat can become an insider threat very quickly. These threats may not be detected by applying advanced data analytics to system logs or behavior, because there is not enough data yet. Countering that threat requires a rigorous onboarding checklist and procedure for IT assets and personnel, so that a threat can be identified before any trend analysis would have been feasible. In this context, fundamental security best practices take precedence over a bleeding-edge technical solution.

Contributors

* Arc Aspicio | Arc Aspicio is an information technology and management consulting company that focuses on homeland security and intelligence. Our services include strategy and planning, business architecture, strategic communications, mission/technology alignment, information technology, and program management. Arc Aspicio is building a community that promotes collaboration, continuous learning, innovation, and intelligence to improve homeland security. For more information, please visit www.arcaspicio.com.

Contact Information
Lynn Ann Casey / Chief Executive Officer
info@arcaspicio.com
703.465.2060

A Leader’s Most Influential Tool: Gratitude

Gratitude is one of a great leader’s most powerful tools. It creates positive energy among an organization and the sense of appreciation permeates through the work the collective group is performing. Influential leaders listen to the needs of their colleagues and express gratitude. This helps them bring out the potential in the people they lead and inspire them to achieve what is most important to them and to the project.

The Design Era of Project Management

Project Management best practices and methods continue to evolve to address the biggest challenges Government agencies face in today’s market. The increased use of Agile and the move from traditional waterfall methodologies is fairly common in Information Technologies. Projects use Agile methods such as Scrum or Kanban, and organizations invest a lot of time and effort to make this cultural shift on projects.

Data: Lost in Translation No More

The rise of Big Data technologies and data-driven approaches of business functions has created a demand for data architects and scientists that is growing by as much as 12% annually. These highly technical resources and capabilities address part of the challenge, but organizations still struggle with how to effectively use the data they have to make timely and informed decisions to improve business and mission outcomes.

Great Meetings with IT Customers in an Agile World

Meetings are an essential part of day-to-day work and collaboration in every organization. There are an estimated 37 million meetings every day in the United States, yet up to 67 percent are considered failures. Sources estimate the cost of unproductive meetings in the billions and say meetings may take up 15% of an organization’s collective time.

Not Made for TV: The Critical Behind-the-Scenes Continuity Mission

Back in the public spotlight for the first time since the Cold War thanks to the new ABC drama Designated Survivor, Continuity of Government (COG) is a lesser-known mission in the portfolio of the Department of Homeland Security (DHS) and its Federal Emergency Management Agency. As a concept, its origins lie in the dawn of the atomic era, when the new possibility of simultaneous nationwide devastation created the need for contingency plans for the worst cases imaginable.

General Services Administration Awards Arc Aspicio HCaTS Contract

Arlington, VA December 12, 2016 — The General Services Administration (GSA) and Office of Personnel Management (OPM) awarded Arc Aspicio the Human Capital and Training Solution (HCaTS) Small Business contract on December 7, 2016. This Multiple Award, Indefinite-Delivery, Indefinite-Quantity (IDIQ) is a government-wide contract that was awarded to vendors in two different pools. Arc Aspicio’s contract is in Pool 2, which supports customized human capital strategy services and organizational performance improvement.