The Cyber-Savvy Organization: 10 Steps to a New Cyber Mission Discipline

1. The Cyber-Savvy Organization: 10 Steps to a New Cyber Mission Discipline May 2010

3.  Expand Security Beyond ITSecurity as usual is security at risk. If cybersecurity is treated as an IT-only concern, such misperceptions could erode the cyber infrastructure over time and limit government to only incremental gains. Get everyone — CFO, CHCO, CAO, CIO, CISO, CTO, program leads, and others — at the table to back the business case, choose priorities, and drive change in their departments.

4.  Treat Data as a TargetGovernments make attractive targets, prized for their vast stores of information, exploited for competitive, monetary, or adversarial advantage by organized cyber criminals and hostile nations. Understand the value of all your assets and quantify the potential implications of your priorities. No matter how your organization aims to strengthen its cyber posture — protect what matters most to the mission and preserve the public’s trust.

5.  Set Cyber Performance GoalsA cyber governance framework helps leaders see what cyber initiatives are successful — the first step toward establishing a performance-oriented, results-focused approach. Government organizations that can see what’s valuable to their people and programs will shorten their learning cycle and drive lasting change.

6.  Automate Cyber ProcessesEmbrace real-time prioritization and process automation to lock in efficiencies. Using existing technology to minimize costs, lag times, and disruption. Create a disciplined, repeatable, controls-based approach to reduce redundancy and rework and to free up resources to focus on the mission.

7.  Expand Identity ManagementKnow who you’re dealing with online without having to credentialeveryone. An identity credential and access management (ICAM) framework empowers agencies to protect personal identities and privacy as well as physical and “digital” facilities. As the agency grows, ICAM lets you expand partnerships and add services without more layers of security or more cost.

8.  Cultivate Cyber LeadershipCISOs, CTOs, and CIOs must become change agents to drive momentum in cyber initiatives. As agencies choose their own cyber leaders (or teams), it may not be who you expected. Look beyond functional and technology expertise when vetting new leaders — people and change management are critical to getting big things done.

9.  Manage RiskAll roads lead back to risk. Strong controls in one area don’t count if you are vulnerable somewhere else. A 360-degree view of your organization’s risks helps all departments make better decisions, set priorities, manage investments, and measure results. Risk-based decision support helps enhance security and improve performance, while lowering costs.

10.  Move to a Faster TempoAgencies must hone situational awareness. Develop predictive tools to synthesize threat intelligence and quickly translate into actionable operations around current and emerging risks. More than just speed, a cyber-savvy government organization is agile — whether it’s tackling changing cyber threats or agency missions.

11.  Cultivate Workforce ResiliencyDedicate resources to enhance the awareness and level of vigilance of the workforce to recognize the potential risks, threats and vulnerabilities when working in cyberspace. Develop a cyber-savvy workforce that is cognizant of their own actions and activities that could pose a risk working in cyberspace and recognize the patterns of behavior of others who could risk exploiting assets and information

12.  Define Your Enterprise BroadlyBaseline who is working for you and with you — from employees to contractors. Think outside your network, too. Cyber-deterrence compels agencies and nations to establish public-private partnerships with new, non-traditional partners. Follow the flow of information in- and outside of your organization to identify vulnerabilities; strengthen every link in the chain.

13. Questions?