
Title: Navigating the Digital Age
Tags: Online Safety & Privacy, Computer Security, Cloud Computing, Threat (Computer)
File Size: 6.0 MB
Total Pages: 369
Page 1

THE DIGITAL AGE
THE DEFINITIVE CYBERSECURITY GUIDE

FOR DIRECTORS AND OFFICERS

Page 2

NAVIGATING THE DIGITAL AGE:
The Definitive Cybersecurity Guide

for Directors and Officers

Published by

Page 184


Booz Allen Hamilton – Bill Stewart, Executive Vice
President; Sedar LaBarre, Vice President; Matt Doan,
Senior Associate; and Denis Cosgrove, Senior Associate

Developing a cybersecurity
strategy: Thrive in an evolving
threat environment

The Internet and ‘always on’ connectivity are transforming
how we live, work, and do business. Game-changing
technology, powered by our increasingly connected society,
offers more efficient workers, new revenue streams,
and stronger customer relationships. Technology is not
optional; it is a core business enabler. That means it must
be protected.

Cybersecurity was once widely considered just another
item in a long list of back-office functions. Vulnerability
patching? Device configuration? These were IT problems
for the IT team to worry about. However, that has
changed. A series of high-profile cybersecurity attacks—
from Stuxnet to Target—demonstrate that cybersecurity
represents a business risk of the highest order. The C-suite
and board are taking notice.

However, as cybersecurity makes its way onto the
executive agenda, it is simultaneously time to rethink
our strategies. The ‘Internet of Things’ is more than a
fad. Suddenly, and increasingly, everything is connected.
Business leaders get it: to fend off emerging players
and ensure market competitiveness, companies are
re-architecting their business models around this concept.
It will drive success. It also requires new cybersecurity
strategies that take a broader view of risk. Developing
strategies that recognize risk beyond back-end IT systems
is critical, to include products, customer interfaces,
and third-party vendors. Above all, the new challenges
in cybersecurity demand an organization-wide
approach to protecting, and ultimately enabling, the
business. It is time to cast the net wider, and more
effectively, than ever before.

Page 185


COMPREHENSIVE APPROACH TO CYBERSECURITY

■ The value of getting cybersecurity right
An effective cybersecurity strategy must
start with placing it in the context of the
business—what your company uniquely
provides as products or services really
determines how to approach the challenge. For
old-school IT security hands, this is a
different way of thinking. It means getting out of
the IT back office and learning the nuances
of what makes the business go. Take the
view of the CEO and board. It isn’t just that
it is the right thing to do or because
compliance matters. There are more meaningful
answers to uncover.

The right cybersecurity strategy is guided
by two related considerations: (1) ‘How does
cybersecurity enable the business?’ and
(2) ‘How does cyber risk affect the business?’
From this perspective, cybersecurity breaks
out of its technical box and IT jargon. It
focuses on competitive advantage, and it
positions cybersecurity as an enabler and
guarantor of the core business, whatever
business you’re in. If done right,
cybersecurity helps drive a consistent, high-quality
customer experience.

■ It takes an enterprise
A cybersecurity strategy grounded in your
unique business ecosystem will quickly
reveal what must be protected. Enterprise IT
still matters; it moves, analyzes, and stores
so much of your business-critical data.
However, a cybersecurity strategy must now
go further. Your industry should shape the
fine-tuning of the scope here, but we can boil
the components of your ecosystem ‘map’
down into several key features:

1. Enterprise IT: the back-end technology
infrastructure that facilitates company-wide
communications; processes, stores,
and transfers corporate data; and enables
workforce mobility

2. Supply chain: the flow of materials
and components (hardware and
software) through inbound channels
to the enterprise, where they are
then operationalized or used in the
development of products and services

3. Product/service development: the research,
design, testing, and manufacturing
environments for your products and
services

4. Customer experience: the operational
realms where customers use and interact
with your products or services

5. External influencers: all external entities
that affect how you guide your business
to include regulators, law enforcement,
media, competitors, and customers.

A cybersecurity strategy at this scale requires
enterprise-wide collaboration. It will take
the whole organization to manage cyber
risk, so it is imperative to cast a wide net
and include representatives from across
business units in strategy formulation
discussions. It requires a multidisciplinary
team effort to develop a security strategy
that reflects the scale and complexity of the
business challenge.

■ Elements of cyber strategy at scale
Building a cybersecurity strategy can seem
overwhelming, but it doesn’t have to be.
Start with a vision, understand the risk,
identify controls, and build organizational
capacity. Each element builds on the others.

1. Set a vision: It all starts with a creative
vision. It’s critical to paint a high-level
landscape of the future that portrays
how cybersecurity is intertwined with
the most critical parts of your business.
Think about how value is created
within your company. Is it a cutting-edge
product? Is it by delivering world-class
customer service? Craft a short story on
how cyber protects and enables that.

2. Sharpen your priorities: You have
limited resources, just like every other
company. You can’t protect everything, so
you better be certain you’re focusing on
the most critical business assets. The first
step is to figure out what your company
determines to be its ‘crown jewels.’ Once
you’ve defined what truly matters, it’s
time you evaluate how exposed—or
at-risk—these assets are. That will give

Page 368

CONTRIBUTOR PROFILES


Forum’s engagement with governments and
business leaders in Europe and Central Asia,
was in charge of developing the Forum’s
global public sector outreach strategy on
various projects on cyberspace, including
cyberresilience, data, digital ecosystem, ICT
and competitiveness, and hyperconnectivity.
Before joining the Forum, Mr. Kerimi worked
with the United Nations Office on Drugs and
Crime/Terrorism Prevention Branch, the
Organization for Security and Cooperation
in Europe, the International Organization for
Migration, and other international and
regional organizations.

ELENA KVOCHKO
Cyber Security Strategist

Elena Kvochko is currently head of global
information security strategy and
implementation in the financial services
industry. Previously, she was Manager in
Information Technology Industry at World
Economic Forum, where she led global
partnership programs on cyber resilience
and the Internet of Things and was
responsible for developing relationships with top
information technology industry partners.
Prior to her position at the Forum, she
worked as Information and Communication
Technology specialist at the World Bank.
Ms. Kvochko focused on a portfolio of
projects aimed at leveraging ICT for economic
growth and transparency in emerging
economies.

Ms. Kvochko is an author of numerous
publications and reports and has contributed
to Forbes, the New York Times, and Harvard
Business Review.

Individual Contributor

ROBERT (BOB) F. BRESE
Former Chief Information Officer, U.S.
Department of Energy

Robert (Bob) F. Brese is a Vice President and
Executive Partner with Gartner, Inc., the
world’s leading information technology
research and advisory company. He brings
his recent, real-world Federal CIO
experience to provide IT leaders with insight on
their most pressing issues and their most
thrilling business opportunities. Most
recently, Mr. Brese was the Chief Information
Officer (CIO) for the U.S. Department of
Energy (DOE), whose national laboratories,
production facilities, and environmental
cleanup site missions span open science to
nuclear security. Mr. Brese led DOE’s policy,
governance, and oversight of more than
$1.5 billion in annual IT investments, as
well as DOE’s key initiatives in open data,
cloud computing, and energy-efficient IT
strategies. Mr. Brese also served as the
Department’s Senior Agency Official for
Privacy and for Information Sharing and
Safeguarding. A leader in the U.S.
Government’s cybersecurity community, Mr.
Brese was a key contributor to the
Administration’s efforts in cyber legislation;
policy; cybersecurity technology research,
development and deployment; and in the
cybersecurity protection of the country’s
critical infrastructure.
