Cybersecurity: Don’t Forget the Management Fundamentals

Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs.

Organizations that do so are, if not impenetrable, at least harder to breach and therefore a less attractive target than the next organization. It may be tempting to assume that new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.

One of the most important skills a successful businessperson cultivates is the ability to properly allocate resources to achieve maximum results. Resource allocation decisions vary according to many factors, but the decision-making process is crucial, if not dependent on the business environment. Cybersecurity programs, often but not always governed by business needs, are constrained by limited resources while facing potentially unlimited threats.

Resource allocation decisions are especially acute given the asymmetric nature of cyber-warfare: relatively small numbers of attackers successfully penetrate enterprises that have dramatically more resources and equipment. The decisions for allocating cybersecurity program resources must be driven by a sound process that includes risk assessment, leading to a risk-based allocation of resources.

One approach to allocating resources according to risk begins with documenting every step, process, piece of equipment, or software between computer hosts and people at each end of a transaction. In this case, you might consider one attack scenario a “transaction.” Draw it out and consider where vulnerabilities might be (all of them…there will be a lot), which ones are mitigated already (hopefully, also a lot), what systems and applications are already hardened, where security tooling can apply, how and where people are trained (everyone should be trained according to their role), and where gaps exist. In practice, this process can be complicated. Organizations may not be able to map the transaction process from end to end, and it may extend beyond their networks. Think about it conceptually, then divide the concept into manageable chunks (mobile, perimeter, internal, training, etc.). Taking small steps in the aggregate builds a holistic program and injects expert knowledge of likely risks.

Sometimes it is worthwhile to pass up new capabilities and apply resources elsewhere to reduce risk.

For example, a Chief Information Security Officer of a large multinational company had new information technology assets popping up “like popcorn” because the company was continually acquiring smaller companies. In these cases, an external threat can become an insider threat very quickly. These threats may not be detected by applying advanced data analytics to system logs or behavior, because there is not enough data yet. Countering that threat requires a rigorous onboarding checklist and procedure for IT assets, along with personnel who can identify a threat before any trend analysis would be feasible. In this context, fundamental security best practices take priority over a bleeding-edge technical solution.

Contributors

* Arc Aspicio

Arc Aspicio is a management, strategy, and technology consulting firm that takes a mission-oriented approach to complex client challenges. Focused on innovation, Arc Aspicio provides services in strategy, design, human capital, operations, analytics and visualization, technology and information sharing. The company is known for a strong, collaborative culture that values gratitude, provides leadership opportunities, and explores the future. Our teams take a human-centered approach to working with clients and are flexible and responsive within dynamic Government client environments where missions evolve and new priorities arise sometimes even daily. We thrive on these situations and promote continuous improvement and new ideas. And, #welovedogs! Follow us on Twitter @arcaspicio or learn more at www.arcaspicio.com.

Lynn Ann Casey / Chief Executive Officer info@arcaspicio.com 703.465.2060

Launching into #Action Through Strategy

As a new employee, your first company-wide meeting can make you nervous. This was how I felt.

Arc Aspicio’s recent Strategy Launch Day was so well planned and it involved participants so that I learned that I had nothing to worry about! The company treats each employee equally and equips even the newest joiners with the information and skills they need to have a meaningful experience

What Being a Consultant Means to Me

As a Consulting Associate at Arc Aspicio, I provide expertise and insight to help clients solve difficult problems. To be successful, a consultant does not need only to be a subject matter expert on their client’s industry and needs - though this often ends up happening over time.

Captivate Your Audience Through Design+Data

So often, senior leaders must communicate their strategic and simple vision in a world of growing complexity. They must make decisions – and frequently explain them – based on an enterprise view of their data. It’s getting easier to do this these days through data visualizations and infographics that speak to specific employee and stakeholder audiences. Design+Data is what we call it at Arc Aspicio.

Chief Data Officers: Six Steps to Manage Data as an Enterprise Asset

With an exponential increase in the types and quantities of data, organizations need defined strategies and techniques to manage data as an enterprise asset. To create enterprise-wide use of data, a Chief Data Officer (CDO) needs a clear data agenda for leadership and the whole organization to address current and future needs. CDOs should follow this six-part data plan to achieve short term capability gains and plot a path to greater enterprise data maturity.

Securing Cyberspace: Agile Strategy to Counter Changing Threats

Cybersecurity, managing and protecting computer systems from attacks, is evolving just as quickly as the techniques hackers use to cause damage. Historically, the public and private sectors believed that stronger technology and more advanced computer systems alone were enough to prevent attacks. As new trends emerge and the technologies used to both conduct and prevent hackings improve, cybersecurity strategies must remain agile, trying new tactics to counter changing threats.

Hacking Back – Do the Benefits Outweigh the Risks?

With the increased frequency and sophistication of cyber-attacks worldwide, companies and executives are becoming frustrated with a traditional focus on defensive tactics. As a result, some private sector actors are taking a more active role in cybersecurity by “hacking back” – hacking against the very groups that are attacking their systems in retaliation or to retrieve stolen data. As hacking back rises in popularity, it is important to consider a number of political and legal issues and the risks to counter-terrorism efforts.

LeadersNest Names Lynn Ann Casey a FedFem Award Honoree

Washington, DC, October 19, 2018 — LeadersNest named Arc Aspicio CEO Lynn Ann Casey a FedFem Award Honoree. The FedFem awards salute high-impact women executives and leaders of the government contracting community. FedFem Award Honorees blend their entrepreneurial courage and Federal government support that effectively impacts the industry, national economy, and the local marketplace. 

Boosting the Mission: Developing Acquisition Requirements Guidance

To keep up with the fast pace of change in the field of Government acquisitions, Department of Homeland Security (DHS) components are developing their own acquisition requirements (AR) policies. However, without specific timeframes to finalize these policies, DHS agencies often lack guidance on how to develop ARs. Among DHS agencies, the U.S. Coast Guard is leading the way with its own formal policy to describe this process. To complement the U.S. Coast Guard’s policy, DHS created the Joint Requirements Integration and Management System (JRIMS) to offer direction for agencies to review, validate, and suggest solutions for capability gaps and requirements.

Top Qualities of Design Thinking Leaders

Design Thinking is on the rise in the business world. Design Thinking leaders focus on creating the best product for their clients and working with the experiences and insight of fellow coworkers. Some of the key characteristics of Design Thinking leaders present themselves in individuals who are open and subject themselves to vulnerability with clients and coworkers. These qualities help leaders to connect and build relationships with others. They also create an open flow of communication that allows for others to better share their knowledge to align with and understand the company's mission.

Think, Key, Speak: Purposeful Communications

I spent the early years of my career in the United States Navy as a Naval Flight Officer on the E-2C Hawkeye, the Navy’s aircraft carrier-based Airborne Early Warning and Command and Control platform. The various missions of the aircraft demand that aircrew monitor up to ten radio frequencies, and actively speak on three or four of those, at any given moment in flight.