A Cybersecurity Strategy is a high-level plan to achieve one or more goals under conditions of uncertainty in cybersecurity. <sub>This historical account of how the Cybersecurity Strategy developed, and of its now adopted definition, describes the Strategy for the purpose of documenting how government and companies approach the cybersecurity problem. Cybersecurity is covert by nature, but this article reveals the strategic approach that has developed and is widely used, even though you may not be able to 'Google' it. None of this is proprietary in nature, and since it is a measurement process, which is a standard, not a defense methodology, it holds no secrecy and drives no interests of any company or product.</sub>

'Cybersecurity Strategy' is used as a phrase in this instance. The Cybersecurity Strategy is a high-level plan, or approach, that provides the framework for a strategy used in managing risk on a company's cybersecurity defenses. Using this design, companies can develop a tactical plan. This strategy is widely used to simplify the understanding of the process and components of managing their risk. The core function is 'Measurement'.

Background
:Many cybersecurity solution providers (CSP) have emerged, providing various solutions to combat an array of cyber attacks.
:Initially there was a lot of emphasis on an all-inclusive solution using technology, which later changed to incorporate social engineering, the human behavior element, only in the 5 years leading up to 2015. This was because of the trend of successful cyber attacks being initiated by taking advantage of security flaws in user behavior, and the inability to solve that problem with a technical solution. It became necessary to identify and measure all the aspects of the cybersecurity problem. A high-level plan developed by breaking down the process into simple steps to identify and measure capability as part of a maturity plan. This strategy is described as a Cybersecurity Strategy.
Cybersecurity Strategy
:The Cyber Security Strategy defines and provides direction to make decisions and allocate resources, and provides control mechanisms for the implementation of the strategy.
:It is guided by NIST standards and the NIST core functions (Identify, Protect, Detect, Respond, and Recover), with an emphasis on Identify, by awareness and measurement, against the more recent standard, Capability Maturity Model Cybersecurity (CMM).
:CMM Cybersecurity evaluates NIST profiles of ‘as is’ and ‘to be’ using levels more stringent than the NIST tiers (aware, repeatable, and adaptive). CMM uses initial, repeatable, defined and measured, managed, and self-optimizing.
:The ongoing cycle definitions of the Cybersecurity Strategy (Fig. 1) are:
:* Situation awareness study
:* Data gathering using CS5L
:* Measurement using the Capability Maturity Model (CMM) Cybersecurity standard
:* Vulnerability mapping using NIST standards and ISO/IEC 27K standards
:* Regulatory compliance check and planning
:* Risk management: planning and risk management, including incident mitigation
The Cyber Security Strategy is a framework to determine gaps and to measure, from which a tactical plan can be developed. In military terms, the strategy is how we plan our defenses. The tactical plan is how we implement and perform it.
:In practice, companies have various vendors that provide security, most of which participate in providing data, have system interfaces and are able to supply iterative answers to their layout of defense, sometimes spanning more than one area or layout.
:The five layouts cover the general areas known at this time, and the strategy model formalizes measurement of each and facilitates a road map to improve by using capability maturity modeling (CMM).
:This way we identify security risks, address them, and have a plan to improve going forward, whilst maintaining a record of such.
:Measurement fits into a complete 'mature' defense approach.
:A ‘mature’ cyber security defense includes a cycle of processes before and after the data gathering (CS5L) and measurement (CMM): before, a situation awareness study (largely a self-study), and after, vulnerability and compliance mapping and risk management. The CS5L CMM framework is developing quickly into a measurement standard; this is the groundwork of the complete cycle. The CS5L (Cybersecurity 5 Layout) model can be found at CS5L CMM Cybersecurity defense