Cybersecurity: Don’t Forget the Management Fundamentals

Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs.

If not impenetrable, organizations with such programs are at least harder to breach and therefore less attractive targets than the next organization. It may be tempting to assume new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.

One of the most important skills a successful businessperson cultivates is the ability to properly allocate resources to achieve maximum results. Resource allocation decisions vary according to many factors, but the decision-making process is crucial, if not dependent on the business environment. Often, but not always, governed by business needs, cybersecurity programs are constrained by limited resources facing potentially unlimited threats.

Resource allocation decisions are especially acute given the asymmetric nature of cyber-warfare: relatively small numbers of attackers successfully penetrate enterprises that have dramatically more resources and equipment. The decisions for allocating cybersecurity program resources must be driven by a sound process that includes risk assessment, leading to a risk-based allocation of resources.

One approach to allocating resources according to risk begins with documenting every step, process, piece of equipment, or software between computer hosts and people at each end of a transaction. In this case, you might consider one attack scenario a “transaction.” Draw it out and consider where vulnerabilities might be (all of them…there will be a lot), which ones are mitigated already (hopefully, also a lot), what systems and applications are already hardened, where security tooling can apply, how and where people are trained (everyone should be trained according to their role), and where gaps exist. In practice, this process can be complicated. Organizations may not be able to map the transaction process from end to end, and it may extend beyond their networks. Think about it conceptually, then divide the concept into manageable chunks (mobile, perimeter, internal, training, etc.). Taking small steps in the aggregate builds a holistic program and injects expert knowledge of likely risks.

Sometimes it is worthwhile to pass up new capabilities and apply resources elsewhere to reduce risk.

For example, a Chief Information Security Officer of a large multinational company had new information technology assets popping up “like popcorn” because the company was continually acquiring smaller companies. In these cases, an external threat can become an insider threat very quickly. These threats may not be detected by applying advanced data analytics to system logs or behavior – there is not enough data yet. Countering that threat requires a rigorous onboarding checklist and procedure for IT assets, and personnel to identify a threat before any trend analysis would have been feasible. In this context, fundamental best security practices apply over a bleeding-edge technical solution.

Contributors

* Arc Aspicio

Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. As a rapidly growing company, Arc Aspicio has a bold strategy for 2016-2018 that drives growth through new capabilities in strategy, design, human capital, data analytics, information sharing, cybersecurity, and strategic communications. The company is known for a strong, collaborative culture that values gratitude – for its clients and its great team. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.

Lynn Ann Casey / Chief Executive Officer
info@arcaspicio.com
703.465.2060

Data + Strategy: Using Data to Inform Agency Strategy

Understanding the types of data available, gaining access to the right data, and making sense of data are daunting tasks for most organizations as they develop a strategy to meet mission demands and enterprise-wide goals. Data is especially challenging for the Government, yet provides the opportunity for insight for leaders as they strategically move their agencies forward.

Workplace Morale is Going to the Dogs… Literally!

There are few greater feelings than a dog’s unconditional love. And some are finding that a dog’s love can help combat stress at work. Secretary Zinke of the Interior Department announced his intent for "Doggy Days" where he encouraged employees to bring their canine companions to work on designated days. More than 80 dogs arrived for the first event and the overjoyed employees immediately scheduled the next.

Accelerating FITARA Compliance: Five Steps That Leaders Can Take Today

Implementing change is not always easy, but it is always necessary. Federal agencies have been working to transform how they acquire and manage Federal information technology (IT). The Federal Information Technology Acquisition Reform Act (FITARA) in December 2014 has increased visibility into this transformation. Although FITARA enhances the authority and accountability of Chief Information Officers (CIOs) in reviewing and approving major IT investment projects, CIOs continue to look for new ways to implement best practices at their agencies.

Combating the Rise of Transnational Criminal Organizations

Crime, corruption, and violence – particularly involving drug, human, and weapons trafficking – continue to increase at an alarming rate in the U.S. Transnational Criminal Organizations (TCOs) are a critical part of this trend and pose a serious and growing threat to homeland security – at our borders and beyond. U.S. Customs and Border Protection (CBP) is at the tip of the spear to combat TCOs. With the context that the first goal in their Vision and Strategy 2020 Strategic Plan is Counter Terrorism and Transnational Crime, CBP is focusing on disrupting TCOs responsible for the cross-border trafficking of illegal drugs, humans, and guns.

Design Thinking: Putting the Citizen at the Heart of Lasting Change

For the past few decades, there has been a growing increase in the digital channels available to network with the Federal government. These channels have made it easier for the public to interact and elicit responses from elected officials. These growing interactions have increased expectations for Government to be more transparent and collaborative. From the Department of Homeland Security (DHS) to the Department of State (DOS), Design Thinking transformations have begun to develop and modernize programs to be more human-centered. Agencies and programs beholden to serve the public good should logically adopt a problem-solving mindset that places the individual at the heart of any lasting changes.

Using Behavioral Science to Improve Mission Outcomes

Although behavioral science has been studied and applied within academia for decades, recently the concept has emerged everywhere – from Silicon Valley tech giants such as Google and Uber, to various Government agencies including the Department of Education, the Department of Defense, and the Department of Agriculture. But defining and applying such a broad and sometimes-nebulous discipline can prove difficult. What exactly is behavioral science? How can the Government use the concepts and lessons learned effectively?

Homeland Security Managers = Innovative Leaders

The search for and implementation of innovative methods to protect the homeland should play an important role in homeland security managers’ approach to how they guide their organizations. Citizens expect government leaders to propose and implement organizational, acquisition, and personnel management practices that enhance our nation’s ability to prepare for and mitigate potential threats. They expect these to make them safer and the nation more secure.

Exploring the Known: Empowering Innovation by Working Out Loud

Sharing in-progress work with others – your team, your client, your leaders – can be a daunting prospect. It can also be a great way to share lessons learned, drive quality into everything we do, and build trust. Working Out Loud is “a practice that combines conventional wisdom about relationships with modern ways to reach and engage people”. 

Leaders by Design (Thinking)

At Arc Aspicio, our very best assets are our people. In 2017, we introduced a program called the ‘Leaders by Design’ aimed at growing future leaders of our firm in a peer group setting. Leaders by Design is a customized experience for Senior Associates within the company to develop leadership skills and grow professionally and personally by interacting with others with similar experiences and also with senior leaders. The Peer Group is a co-investment to focus on collective growth and development – this means the company invests money and time in developing the training and the growing leaders also invest personal time.

Organization Redesign: Is the Cure Worse than the Ailment?

According to a popular management joke, new executives should blame their predecessors when facing their first crisis.  When facing their second crisis, they should reorganize everything. Jokes are funny when they’re seen as plausible. Reorganizations show action, produce change, and create opportunities for new leadership. However, are reorganizations worth the disruption?

Arc Aspicio to Host Design Thinking Forum: Creating the Future of Government on June 21

Washington, DC, June 7, 2017 — Arc Aspicio plans to host an inaugural Design Thinking Forum featuring a discussion on how Federal leaders can innovate solutions to create the future of Government. Design Thinking is a human-centered innovation process that emphasizes observation, collaboration, fast learning, visualization of ideas, rapid concept prototyping, and concurrent business analysis, which ultimately generates innovation and increased mission outcomes.