Wednesday, December 2, 2020

Cybersecurity mindfulness: Living with the risk and staying above the fray

National Institute of Standards Cybersecurity Framework

www.nist.gov/cyberframework

Over the past five years we have seen a fundamental shift in the cyber threat landscape. The news is filled with examples of how companies are having their data stolen or their systems disrupted. Over the coming years we will see the next evolution of cyber threats. The explosion of the Internet of Things, increased connectedness, business reliance on technology and data sprawl will create significant exposure for most industries.

Even with this increasing exposure, a breach or harm event does not have to be inevitable. There are ways to position your organization to prevent a major cyber breach or disruption of services.

An organizational culture that recognizes cybersecurity as a business imperative is a great way to improve security program performance. Moving toward a culture that is both strategically and operationally sensitive to cybersecurity needs is a significant change for any company. An organizational philosophy that is responsive to this culture and mindset change and has been effective within industries that deal with life safety is the “high reliability organization”.

High reliability organizational principles have the potential to create a culture of “cybersecurity mindfulness”. If we applied these principles and mindfulness to a cybersecurity program, it would have these characteristics:

• A preoccupation with the failure of cybersecurity controls.

• Reluctance to simplify interpretations of risk exposure and threat data.

• Active observation, situational awareness and engagement of leaders and stakeholders within the cybersecurity program.

• Recognizing that cybersecurity is a business imperative and the need for the building of resiliency within the business to support that imperative.

• Listening to and involving subject matter experts from across the business.

• The creation of transparency, trust and accountability with a focus on continuous learning.

• The sharing of cybersecurity best practices and threat information with other businesses and industries.

Driving high reliability principles within the business and its cybersecurity program is no easy task. It is a cultural shift that can take years to take hold. There are some activities that I believe can make an immediate impact and have the potential for creating positive stakeholder engagement and the planting of seeds for a successful program.

Having a risk management program for cybersecurity that fully inventories risk and identifies the most significant cyber threats to the business can be extremely helpful. When inventorying risk, it is best to start with an inventory of all your data and assets as well as a security control framework. The National Institute of Standards Cybersecurity Framework is a great place to start. Evaluating your environment against these sets of controls can help you better understand your cyber weaknesses.

Cybersecurity controls do not mean much unless you understand the threats that are most relevant to your industry and business. Performing threat event and scenario walkthroughs and collaborations is an excellent approach to developing a common understanding of the most probable and harmful cybersecurity incidents. The output of this collaboration would be a scenario catalog that would be linked to both cybersecurity risk management and operational activities. This approach and the bridging of operations and risk management helps create a collective understanding across all stakeholder groups. By bridging operations and risk management, there is a direct signaling structure that allows leadership to set risk tolerance into operations and for operations to signal effectiveness back to leadership.

Building a plan that is prepared for today and the future can be a daunting task for any organization. As stated earlier, cyberattacks are going to become much more complex in the future. To be prepared, organizations will need to think differently. “Living with cyber risk” will become the norm. Traditional risk registers will need to transform into risk portfolios where good and bad risk can coexist for effective management of trade-off decisions. Cybersecurity programs will need to transform into high reliability programs that can adapt quickly to business changes and the evolving threat landscape. Cybersecurity will need to be fully integrated into the end-to-end service delivery and not viewed as an outlier process.

An organization’s plans will need to recognize that whether we are a local Fort Worth business or a large global company, we all must coexist on the Internet. We are interconnected and have the potential to impact each other. A great example is the recent denial of service attacks that impacted large portions of the Internet in October. This attack used malicious software that took control of “Internet of Things” devices such as DVRs and video cameras. These devices flooded the Internet service that allows our Internet browsers to find websites like cnn.com and twitter.com. Who would have thought that systems such as these could be used to perform cyber-attacks?

I believe that applying high reliability organizational principles and creating a culture of “cybersecurity mindfulness” has the ability to reduce the probability of a business being a victim of a successful cyber-attack. At minimum, it has the potential to reduce the impact of a breach to customers’ data and improve cybersecurity investment prioritization.

Ron Mehring is vice president of technology & security, Texas Health Resources.

