The Digital Big Bang. Phil Quade
Чтение книги онлайн.

Читать онлайн книгу The Digital Big Bang - Phil Quade страница 11

Название: The Digital Big Bang

Автор: Phil Quade

Издательство: John Wiley & Sons Limited

Жанр: Зарубежная компьютерная литература

Серия:

isbn: 9781119617402

isbn:

СКАЧАТЬ of business, societies, and global economies that operate at the speed of light means that the factors and issues that determine how and what we protect are like a living, breathing organism. It is always thinking, consuming, and growing in many different ways. First, the environment you work in is not a controlled and managed architecture of systems and software encased in a protected data center with limited exposure. From the interconnection of data platforms between organizations to the extended components of the Internet, and even through the introduction of self-learning and decision-making software, digital infrastructures and operations are affected by the speed at which the globe is connected. To further complicate these scenarios, the human element cannot be forgotten. Decisions and actions made by humans can readily and starkly change the environment you protect through a limitless number of potential social and physical interactions.

      Speed is also a critical element in the pace of change. Technology from a pure business asset perspective is often measured in years. Today, however, through the adaptation of advanced technology for criminal means, some cyberdefensive technologies may have a realistic effectiveness of only less than a year, and in some cases, days. The speed of the threat actor, your own technology environment, and your ability to defend it is entirely predicated on the speed of change. That pace of change also includes the necessary changes to our speed of making decisions. The critical actions of stopping, impeding, disrupting, and responding to cybersecurity risk and events that affect privacy in a digital world force us to make rapid and accurate decisions never required in previous decades. New methods of data acquisition and analysis for decision support are critical aspects of creating these new strategies for success in a digital age.

      This chapter focuses on strategies to understand, plan for, and affect the impact of speed on how you think about and execute your responsibilities in defending your business or agency.

      THE STRATEGIC IMPERATIVES

      You may think that to align to the change in speed, you simply have to move and act faster. Although in some cases that is true, there are better ways to approach operational acceleration and excellence in the face of dynamic change than fighting speed with more speed. How we think, act, and instrument our protection portfolio and operations are all key aspects in making this dynamic shift to operational enablement in the age of speed. The reality is that the world, technology, and threats will only continue to gain momentum, and if the only tool in your toolbox is an ability to run faster, you'll soon realize the limits of that way of thinking. Strategic imperatives such as risk, intelligence, transparency, and action-based decision making are additional tools that when learned, practiced, and mastered will create new capabilities that are far more effective and sustainable than speed itself.

      THE PURPOSE OF YOUR MISSION

      1 Understand your environment. Your success depends on your direct ability to succeed within the environment in which you operate. To do that, you need to understand your environment through transparency, knowledge, and access. This includes crucial elements such as understanding your critical assets, a holistic understanding of the resources and technology deployed through a comprehensive configuration management database (CMDB), and data flow diagrams that detail how information flows through your business. Just as important is the understanding of your third-party ecosystem, your supply chain, and how your services are in effect an integrated component of your customers' supply chains. Your ability to quickly understand the impact of any given event through this level of transparency is a fundamental component to being able to think and act quickly.

      2 Drive safely at high speed. Your business success depends on speed to market and speed to respond. Your job is to get everyone there safely. This sense of speed enablement, or acting like the brakes on the car so your business is confident to go faster, requires a mature risk process. Effective risk programs have tiers of risk considerations and actions that create broad bands of flexibility and enable decision making based on preselected and informed risk formulas that serve as guiding principles. Spending time developing those mechanisms and allowing them to mature, educating your business, and just as importantly, educating your team will empower and enable all levels of the organization to recognize and facilitate business-based risk decision making at speed.

      3 Plan ahead. Your opposition is well funded, utilizing capabilities and decisioning guiderails that are faster than yours. As in an old-fashioned gunfight, the first one to put lead on the target wins. This means that you need to be comfortable with rapid decision making based on accumulated knowledge rather than absolutes and have a “gun belt” of premade decisions, actions, and plans on your side. For instance, if you have a ransomware incident that is less than x% contained, do you shut down your data center? If you are suffering a financial crimes attack, will you call law enforcement, and if so, what agency and what is their number? Simple efforts such as tabletop exercises or defining preplanned partners significantly add to your ability to react fast in times of crisis. Prepositioned decision making agreed to by your leadership also ensures that your business will understand, support, and expect clear action and leadership from you when needed.

      4 See the big picture. You need over-the-horizon threat modeling. I think everyone would agree that seeing a speeding train coming at you is better than getting run over by one. Unfortunately, too many people concentrate too myopically on their own operating environment and never look up long enough to see the train coming down the tracks. The use of intelligence services, information-sharing partnerships, and other mechanisms that give you a view outside your business into adjacent industries, like competitors or aligned ecosystems, are great ways to measure and prepare for the potential impact of issues not yet affecting your business. This greatly enhances your time to prepare, plan, and react to situations and opportunities that too often are missed because of insular behaviors.

      5 Make the most of limited resources. Managing a business with limited СКАЧАТЬ