Cybersecurity: Don’t Forget the Management Fundamentals
Insights / Blog

Cybersecurity: Don’t Forget the Management Fundamentals

Cybersecurity: Don’t Forget the Management Fundamentals

 
Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs.

If not impenetrable, they are at least harder to breach and therefore a less attractive target than the next organization. It may be tempting to assume new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.

One of the most important skills a successful businessperson cultivates is the ability to properly allocate resources to achieve maximum results. Resource allocation decisions vary according to many factors, but the decision-making process is crucial, if not dependent on the business environment. Often, but not always, governed by business needs, cybersecurity programs are constrained by limited resources facing potentially unlimited threats.

Resource allocation decisions are especially acute given the asymmetric nature of cyber-warfare: relatively small numbers of attackers successfully penetrate enterprises that have dramatically more resources and equipment. The decisions for allocating cybersecurity program resources must be driven by a sound process that includes risk assessment, leading to a risk-based allocation of resources.

One approach to allocating resources according to risk begins with documenting every step, process, piece of equipment, or software between computer hosts and people at each end of a transaction. In this case, you might consider one attack scenario a “transaction.” Draw it out and consider where vulnerabilities might be (all of them…there will be a lot), which ones are mitigated already (hopefully, also a lot), what systems and applications are already hardened, where security tooling can apply, how and where people are trained (everyone should be trained according to their role), and where gaps exist. In practice, this process can be complicated. Organizations may not be able to map the transaction process from end to end, and it may extend beyond their networks. Think about it conceptually, then divide the concept into manageable chunks (mobile, perimeter, internal, training, etc.). Taking small steps in the aggregate builds a holistic program and injects expert knowledge of likely risks.

Sometimes it is worthwhile to pass up new capabilities and apply resource elsewhere to reduce risk.

For example, a Chief Information Security Officer of a large multinational company had new information technology assets popping up “like popcorn” because the company was continually acquiring smaller companies. In these cases, an external threat can become an insider threat very quickly. These threats may not be detected applying advanced data analytics to system logs or behavior – there is not enough data yet. Countering that threat requires a rigorous onboarding checklist and procedure for IT assets, and personnel to identify a threat before any trend analysis would have been feasible. In this context, fundamental best security practices apply over a bleeding edge technical solution.

Blog Risk Management Cybersecurity Technology

Contributors

Arc Aspicio |

Arc Aspicio enhances the future of our nation by creating bold ideas and bringing them to life. A consulting and solutions company, Arc Aspicio solves problems by applying our integrated capabilities in strategy, design, data, human capital, behavioral science, and technology. The company passionately pursues our vision to be the hub of creativity where people take action to change the world. To do this, employees collaborate with clients and partners to create solutions using a human-centered approach. Innovation is not possible without action. The company focuses on strategy first, then takes a hands-on approach implementing ideas to achieve results. Join Arc Aspicio and our Strategy Innovation Lab (SILab) by creating and sharing ideas to inspire people to change the world. Follow us on Twitter @ArcAspicio @SILabDC and, #welovedogs!

Meet Arc Aspicio  |  View all Insights by Arc Aspicio

GSA Awards Arc Aspicio OASIS+ WOSB Contract

GSA Awards Arc Aspicio OASIS+ WOSB Contract

Arlington, VA, October 18, 2024 – GSA awarded Arc Aspicio the OASIS+ Woman-owned Small Business (WOSB) Indefinite Delivery/Indefinite Quantity (IDIQ) contract. A Government-wide contract vehicle, OASIS+ WOSB allows Arc Aspicio to competitively bid on opportunities to provide Federal government agencies with complex non-IT service requirements for the next 10 years, with no ceiling value and no cap on orders. Click to read more.

Arc Aspicio
Smithsonian Institution Awards Arc Aspicio Consulting Services Contract

Smithsonian Institution Awards Arc Aspicio Consulting Services Contract

Arlington, VA, August 20, 2024 – The Smithsonian Institution selected Arc Aspicio as one of 11 firms on a 10-year Indefinite Delivery Indefinite Quantity (IDIQ) contract. This contract enables Arc Aspicio to provide the world’s largest museum, education, and research institution with services that support its transformation of learning and discovery – in person and digitally. Click to read more.

Arc Aspicio
Arc Aspicio Celebrates 20th Anniversary Serving the Government

Arc Aspicio Celebrates 20th Anniversary Serving the Government

Arlington, VA, August 6, 2024 – Arc Aspicio announced its 20 years of service to the Federal government in solving complex challenges as they serve the American public through innovative consulting and professional services. Starting with an intense focus on homeland security, where it supported 154 projects for the Department of Homeland Security (DHS) and its agencies, the company has expanded into justice and law enforcement, museums and education, and serving non-profit organizations. Click to read more.

Arc Aspicio
Seeing is Believing: Design+Data in Leadership Decision Making

Seeing is Believing: Design+Data in Leadership Decision Making

In an era of data abundance, Federal agencies face the challenge of distilling vast amounts of complex information into actionable insights. To unlock the potential of data to inform strategic decision-making and policy and program implementation, traditional information presentation methods may fall short, occasionally leaving federal leaders without actionable insights.

SILab
, , , ,
Equity in Emergency Management: How Behavioral Science Can Help Support Preparedness and Disaster Response

Equity in Emergency Management: How Behavioral Science Can Help Support Preparedness and Disaster Response

In recent years, there have been many challenges driven by climate change that pose significant threats to our nation’s safety and security. More frequent and severe weather events continue to devastate communities around the world, even making some places uninhabitable.

SILab
, , , , ,
Innovation and Ideation for Success: Innovation Labs

Innovation and Ideation for Success: Innovation Labs

Internal Innovation Labs are key to enhancing innovation and collaboration in Federal agencies. They allow employees the opportunity to engage in creative processes, such as brainstorming, design thinking, and creativity, which create solutions and spur innovation. These techniques allow organizations to solve complex problems and implement solutions efficiently.

Haley Hageny
, , ,
Chief Executive Officer Lynn Ann Casey Named Outstanding Leader in 2024 Engage Homeland and National Security Honorees

Chief Executive Officer Lynn Ann Casey Named Outstanding Leader in 2024 Engage Homeland and National Security Honorees

Arlington, VA, November 7, 2023 – OrangeSlices has named Arc Aspicio Chief Executive Officer (CEO) Lynn Ann Casey as an outstanding leader in the 2024 Engage Homeland and National Security Honorees. This honor recognizes leaders who are driving real and measurable change in the way government and industry collaborate, sharing their insights and expertise for the betterment of all, and driving forward the key missions of the Federal government. Click to read more.

Arc Aspicio
,
Good Data, Bad Data: The Value of Data Quality in Homeland Security

Good Data, Bad Data: The Value of Data Quality in Homeland Security

Homeland Security is a complex mission, one that is both vast in scale and broad in scope, and this creates a large volume of data that can help provide insight into operations and strategic decisions. From disaster preparedness to counterterrorism, Federal employees rely heavily on an abundance of data to assess problems accurately and implement effective solutions.

Michael Finnegan
, , ,
Transforming Government: The Road to Agile and Customer-Centric Modernization

Transforming Government: The Road to Agile and Customer-Centric Modernization

The Federal government has been making significant strides in technology modernization, shifting its focus from addressing only the most critical needs to becoming more agile, customer-centric, and innovative. As government agencies transition from an era dominated by the necessity of migrating their data and applications to cloud-based platforms, mission leaders are now turning their attention to emerging technologies like data visualization, customer experience improvement, low-code software tools, and artificial intelligence (AI).

Rob O'Keefe
, , ,
Arc Aspicio Reappraised at CMMI-Services Maturity Level 3

Arc Aspicio Reappraised at CMMI-Services Maturity Level 3

Arc Aspicio achieved its second Capability Maturity Model Integration Services (CMMI-SVC) Level 3 Certification on September 29, 2023. CMMI is a Model that is used to guide process improvement across projects, divisions, and organizations. Arc Aspicio uses CMMI, a process level improvement training and appraisal program recognized for Government and commercial clients, as an indicator of high-quality performance.

Arc Aspicio
The Link Between Innovation and Collaboration

The Link Between Innovation and Collaboration

Intentional collaboration can be the difference between simply completing a task and using innovative ideas to drive long-lasting change. When people come together to share their insights and perspectives, Government agencies can thrive and instill a culture where leaders engage with and listen to employees. In turn, these environments lead to more commitment from employees, as well as better Government agency relationships that help promote working towards strong solutions.

SILab
, , ,
Design Thinking Techniques to Enhance the Online Meeting Experience

Design Thinking Techniques to Enhance the Online Meeting Experience

According to the Harvard Business Review, the average worker has attended 13.5% more meetings since the COVID-19 pandemic, with many held online. Given the Federal government’s partial shift to remote work when feasible, it is increasingly important to consider how teams can enhance the effectiveness and engagement of online meetings.

Sophia Vener
, , , , ,
From Resistance to Acceptance: All Management is Change Management

From Resistance to Acceptance: All Management is Change Management

Effectively navigating organizational changes within Federal agencies requires understanding the unique dynamics of the Federal context, strong leadership communication, culture development and stakeholder engagement and collaboration. Continuous evaluation and proactive management of resistance to change is important.

Arc Aspicio
, , , ,