Cyber Strategy & Business Innovation: Integrating InfoSec Into Real Business

Transcription

1 SESSION ID: STRAT-F02 Cyber Strategy & Business Innovation: Integrating InfoSec Into Real Business Todd Inskeep CyberSecurity Strategy Booz Allen Hamilton

2 Cyber is critical across the business ecosystem SUPPLIER Product & Service Design ENTERPRISE Enterprise IT RETAIL & CUSTOMER Connected Services Supply Chain (Providers) Deliver Production Retail Product *This illustration attempts to be inclusive of all industries

3 Multiple considerations feed strategic analysis Deliverables High Future #4: Back to Basics Future #1: Efficient and Effective Conflict is prevalent and due to a large Veteran population, and a weak economy, NCA faces massive demand for historical services. NCA s budget remains flat due to a government expansion, and it has sought efficiencies. Nonetheless, it is stretched to deliver quality burial services and unable to launch new memorialization/ enshrinement-type programs. NCA has begun reusing burial plots and promoting alternative burial methods (e.g. cremation, burial at sea) to cut costs and minimize environmental impacts. These programs allow NCA to meet demand for more geographically mobile burial options. NCA s workforce is slightly larger, but a greater emphasis on manual labor and technical skills. Conflict is prevalent and the economy is strong. Veteran issues remain important to Americans. Demand for burial/interment is high, along with national interest in preserving Veterans stories and U.S. military history. Though NCA s budget is up, it has improved the efficiency of its historical services. It has also implemented enhancements (e.g. after-hours maintenance, remote burial viewings, GPS tagged headstones) to those services, and launched new memorialization-oriented programs. These new programs allow the public to access a virtual portal capturing every Veterans service history, and visit museum-like facilities colocated with NCA cemeteries. VA s workforce is larger, highly educated and technically oriented. Focus on Interment Future #3: Austerity Focus on NCA s Focus Memorialization Future #2: Strategic Reorientation The prevalence of conflict is down, but the economy is weak. With a small Veteran population, a contraction in government, and the public distracted from Veterans needs, NCA s budget is small. Facing decreased demand for historical services, NCA has cemetery upkeep, begun reusing plots, and been forced to abandon plans to implement technology-enabled efficiencies, or memorialization/ enshrinement oriented programming. Veterans who still need NCA services bear more costs (e.g. through copays) and eligibility is limited. Lacking funds to automate, NCA s workforce is similar in size to today s and manual labor oriented. Demand for NCA Services The prevalence of conflict is down and the economy is strong. Demand for historical NCA services is low due to a small Veteran population and its ability to pay for private burials, but government remains large, and NCA s budget is flat. With fewer customers to serve, NCA is focused on outreach to inform Veterans and families about burial options (through NCA or elsewhere), preserving their stories, and educating the population about U.S. military history using a similar approach to in Future #1. NCA s infrastructure is smaller and upkeep has been outsourced. NCA s smaller workforce has soft skills (e.g. customer service, research) and draws heavily on partnerships with non-profits. Low Current State Analysis Alternative Futures & Data Requirements Threat & Risk Register Organizational Design Security Requirements Long-Range Security Strategy

4 Forces, challenges and threats vary... Background Forces Cyber Challenges Threat Outlook Business Strategy Industry Trends Global Trends Tech Trends Cost Pressures Diversity of Deployed Technology Expanding Attack Surface X-as-a-Service Monitoring Scale... 1 Expanding Offensive Capability Improved Adversary Org & Process Effectiveness Cyber Espionage Becomes Normal Evolving Attack Objectives Kinetic impacts...

5 Companies should look forward deliberately Overview External Forces Business Strategy Cyber Challenges Threat Outlook Vision & Reqs Capabilities Operating Model

6 Cyber capabilities should be applicable to any can element of the business ecosystem Cyber Capabilities Cyber Strategy Business Ecosystem* SUPPLIER Product & Service Design ENTERPRISE Enterprise IT RETAIL & CUSTOMER Advanced Cyber Defense Technical Implementation & Operations applied to Supply Chain (Provider s) Delive r Connected Services Governance, Risk, & Compliance Production Retail Product *This illustration attempts to be inclusive of all industries 6

7 Capabilities are both strategic and tactical* Executive Summary Strategic Governance Talent Outreach & Engagement System & Program Mgmt Tactical Detection Next Gen Engineering Fusion & Operations Adversary Planning Response & Recovery * non-exhaustive example capabilities

8 Supported by an operating model Executive Summary Vision Core Operating Principles & Requirements Strategic Program Execution Security Program Alignment and Management - Business-wide Tactical Operations Core functional implementations (people, policy, process, technology) across distinct operating environments Internal OT External OT Biz Critical IT Non- Critical IT??? IT Cloud IT Operating Environments

9 Apply this guiding framework... to refresh your program Next week you should: Think about your organization s ecosystem; who s responsible for security? In the three months following this presentation you should: Think about the internal and external forces changing your business Review the specific threats your organization expects in the future Within six months you should: Develop a vision and requirements for your roadmap; Where does your organization need to go? 9