Cybersecurity: Don’t Forget the Management Fundamentals

Cybersecurity: Don’t Forget the Management Fundamentals

Cybersecurity: Don’t Forget the Management Fundamentals

 
Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs.

If not impenetrable, they are at least harder to breach and therefore a less attractive target than the next organization. It may be tempting to assume new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.

One of the most important skills a successful businessperson cultivates is the ability to properly allocate resources to achieve maximum results. Resource allocation decisions vary according to many factors, but the decision-making process is crucial, if not dependent on the business environment. Often, but not always, governed by business needs, cybersecurity programs are constrained by limited resources facing potentially unlimited threats.

Resource allocation decisions are especially acute given the asymmetric nature of cyber-warfare: relatively small numbers of attackers successfully penetrate enterprises that have dramatically more resources and equipment. The decisions for allocating cybersecurity program resources must be driven by a sound process that includes risk assessment, leading to a risk-based allocation of resources.

One approach to allocating resources according to risk begins with documenting every step, process, piece of equipment, or software between computer hosts and people at each end of a transaction. In this case, you might consider one attack scenario a “transaction.” Draw it out and consider where vulnerabilities might be (all of them…there will be a lot), which ones are mitigated already (hopefully, also a lot), what systems and applications are already hardened, where security tooling can apply, how and where people are trained (everyone should be trained according to their role), and where gaps exist. In practice, this process can be complicated. Organizations may not be able to map the transaction process from end to end, and it may extend beyond their networks. Think about it conceptually, then divide the concept into manageable chunks (mobile, perimeter, internal, training, etc.). Taking small steps in the aggregate builds a holistic program and injects expert knowledge of likely risks.

Sometimes it is worthwhile to pass up new capabilities and apply resource elsewhere to reduce risk.

For example, a Chief Information Security Officer of a large multinational company had new information technology assets popping up “like popcorn” because the company was continually acquiring smaller companies. In these cases, an external threat can become an insider threat very quickly. These threats may not be detected applying advanced data analytics to system logs or behavior – there is not enough data yet. Countering that threat requires a rigorous onboarding checklist and procedure for IT assets, and personnel to identify a threat before any trend analysis would have been feasible. In this context, fundamental best security practices apply over a bleeding edge technical solution.

Contributors

* Arc Aspicio |

Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. As a rapidly growing company, Arc Aspicio has a bold strategy for 2016-2018 that drives growth through new capabilities in strategy, design, human capital, data analytics, information sharing, cybersecurity, and strategic communications. The company is known for a strong, collaborative culture that values gratitude – for its clients and its great team. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.

Lynn Ann Casey / Chief Executive Officer
info@arcaspicio.com
703.465.2060

Arc Aspicio Named 2018 Washington D.C. Corporate Culture Winner

Arc Aspicio Named 2018 Washington D.C. Corporate Culture Winner

Arlington, VA, February 19, 2018 — CEO Report chose Arc Aspicio as a Washington D.C. Corporate Culture Award Winner for 2018. An independent committee grants the award to companies that focus on empowering employees and fostering a work environment that is both creative and collaborative. Winners of the Corporate Culture Awards are leaders in using company culture as an asset for growth.

Lean Strategies: Workforce Engagement and Retention in the Federal Government

Lean Strategies: Workforce Engagement and Retention in the Federal Government

Across the Federal government, agencies and programs have been tasked with building, training, and retaining the workforce needed to serve the American people. Public-sector leaders have been struggling with the right approach to this challenge, but we are now seeing more and more agencies turn to implementing private industry ’lean’ methods as a potential solution. Lean strategies aim to identify and improve an organization’s pain-points by following a set of principles and techniques focused on minimizing risk, optimizing cost and quality of processes, and engaging employees to deliver value-added benefits and improvements aligned to the organization’s mission and goals.

Architecting the Arc Aspicio Employee Experience

Architecting the Arc Aspicio Employee Experience

Human Resources (HR). What comes to mind when you hear “HR”? Hopefully, it’s positive! While most people would answer with “processing paperwork, administering benefits, onboarding and paying employees, etc.,” HR in 2018 is so much more. As the Association for Talent Development argues, HR is about being an “experience architect.” It can transform the employee experience.

Building Data Analytics Capacity in Your Organization: Centralize or Decentralize?

Building Data Analytics Capacity in Your Organization: Centralize or Decentralize?

As threats evolve and technology reinvents how we perform work, the Government must continue to find solutions to increasingly complex and multifaceted problems. Thanks to the expanded availability and relevance of data, agencies are now equipped with more resources to make accurate fact-based decisions surrounding these complex issues. As agencies make increasing use of this data, they need to determine whether to implement a centralized or decentralized analytical structure.

Making a Difference

Making a Difference

We’ve all been there, a moment in a past job where you ask yourself if your work really matters. You are approaching mid-career and what matters more to you now is seeing your work make a difference. I knew that I wanted to spend more time “doing” homeland security, rather than writing policy memos about what other people were doing. With this mindset, I walked into my interview with Arc Aspicio four years ago. My question for my interviewer—how do your people make a difference every day?

Arc Aspicio Launches “Our Story” and Launches Updated Website

Arc Aspicio Launches “Our Story” and Launches Updated Website

Washington, DC, February 12, 2018 —Arc Aspicio published a blog series and updated its website to focus on the story and history of the company. “Our Story” starts from the beginning and shows key accomplishments and milestones along the way.

Lynn Ann Casey founded Arc Aspicio with a small team of people that wanted to influence and shape the Homeland Security consulting industry for the benefit of the Federal Government and the people it serves – the American public. As the company has grown, it has remained focused on the its core values; to put the mission first, build trust with one another, be innovative, solve difficult problems, and invest in its people.

Learning by Doing: Discovering DC through an Arc Aspicio Internship

Learning by Doing: Discovering DC through an Arc Aspicio Internship

I chose to attend college in Washington, D.C. because as an eager, politically-motivated young woman, I couldn’t imagine a city with better opportunities. Now entering my final semester at the George Washington University (GWU), I realize that even my highest hopes for a life in D.C. couldn’t compare to what I found once I got here. With nearly every government agency headquartered within metro distance, there is an internship for every calling.

Letting Employees Dive In

Letting Employees Dive In

What do you want to be when you grow up? The truth of the matter is, I’ve never wanted to answer that question. I’ve never been someone who felt tied to one particular activity or career path (and I have a disgruntled high school guidance counselor who can vouch for that). What I did know coming out of college were two things: I wanted to solve problems facing our country and I wanted to continue learning.

Transforming the Acquisition Process, Together

Transforming the Acquisition Process, Together

As threats evolve, the Federal government acquisition process must keep pace and even get ahead. Federal acquisitions remain driven by systems that have been in place for decades. Challenges exist within the agencies, and between government and industry, in awarding contracts. The complex nature of acquisitions leads to higher costs, slow procurements, and sometimes minimal innovation.

Discovering Talent: My Personal Story

Discovering Talent: My Personal Story

Discovering talent with potential has been a focal point of the Arc Aspicio since its founding in 2004. As a consulting firm, Arc Aspicio is in the talent business. We invest in people at all levels (including our interns) who show promise and potential, and help them grow the skills they need to be successful in consulting (or in an internal specialty role in our fun and very busy office).