This week on NVTC’s blog, Dr. Didier Perdu of LMI discusses the challenge of ever-changing cybersecurity and how leaders should address it.
Organizations used to learn to adjust to complexity. Today, they are trained to expect it. Yet, cybersecurity is transforming so quickly that demand for validated models and techniques is outpacing supply, leaving a staggering number of unprotected systems.
Security practitioners have very limited interaction with other disciplines, which leaves many senior business leaders unaware of the mechanisms available to mitigate risks. And security mechanisms are only effective when they are implemented correctly, operate as intended, and produce the desired outcome. Here are two key things for senior leaders to keep in mind about implementing security controls.
1. Manage the Change
Implementation of security controls requires change. This means new processes may need to be established, existing procedures may need to be changed, or additional information may need to be collected and managed. Regardless, change often has some policy implications that impact how the organization conducts its business.
Understanding the extent to which your current environment needs to change in order to address your security considerations is key to developing a transition plan. Getting an artifact, visual, or any physical piece of information from your enterprise architecture will help you understand how to address such concerns as media protection, personnel security, system and information integrity, or access control policy.
2. Create an “Ecosystem” for Security
To adequately protect your information and information assets, security must become part of your organization’s fabric and culture. By integrating security with your organization’s information technology management disciplines, such as strategic planning, capital planning and investment control, enterprise architecture, and system development lifecycle, you ensure that security investments are properly vetted and align with your organization’s business direction.
Enabling business people to specify what controls are needed at what step in their processes reduces resistance to change and increases the likelihood of successfully implementing new security measures.
Whether your organization is a civil or defense agency, you can benefit from taking an analytical approach to understanding and assessing the performance of your enterprise’s cybersecurity.
Dr. Perdu works in the Information Management Group with the Enterprise Architecture team, refining the LEAP methodology and contributing to enterprise architecture-related tasks. He holds a Ph.D. in Information Technology from George Mason University and a Master of Science in Technology and Policy from MIT. During his career he has sought to use Enterprise Architecture beyond just compliance and apply it to solve a variety of business issues faced by an enterprise. Cybersecurity is one of these challenges.