3099 leveraging cybersecurity skills for career …...systems security: a comprehensive model,” by...
TRANSCRIPT
2016‐09‐08
1
www.cybersecurityleadership.com
www.cybersecurityleadership.com
Dr. Mansur Hasib, CISSP, PMP, CPHIMSProgram Chair, Cybersecurity Technology
“We are working on 93,000 dreams, what is yours?”
www.cybersecurityleadership.com
LEVERAGING CYBERSECURITY SKILLS FOR CAREER SUCCESS
2016‐09‐08
2
www.cybersecurityleadership.comwww.cybersecurityleadership.com
• Evolution of Cybersecurity • Cybersecurity as People Powered Perpetual Innovation• How You Can Join the Movement and Succeed
Audience Participation Welcome Anytime
AGENDA
www.cybersecurityleadership.com
• Maximize Confidentiality, Integrity, and Availability
• Countermeasures: Technology, Policy and Awareness Training
Note. Adapted from “Information systems security: A comprehensive model,” by J. McCumber, 1991, October. Paper presented at the 14th National Computer Security Conference, National Institute of Standards and Technology, Baltimore, MD.
STATIC INFORMATION SECURITY MODEL ‐ 1991
OBSOLETE: PLEASE DO NOT USE ANYMORE
2016‐09‐08
3
www.cybersecurityleadership.com
INFORMATION ASSURANCE MODEL ‐ 2001
Note. Adapted from “A Model for Information Assurance: An Integrated Approach,” by W. V. Maconachy, C. D. Schou, D. Ragsdale, and D. Welch, 2001, June. Paper presented at the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York: New York.
OBSOLETE: PLEASE DO NOT USE ANYMOREwww.cybersecurityleadership.com
www.cybersecurityleadership.com
THE DYNAMIC CYBERSECURITY MODEL
2016‐09‐08
4
www.cybersecurityleadership.com
Cybersecurity is the mission focused and risk optimized management of information, which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy, and technology while perennially improving over time.
‐Mansur Hasib, 2016
CYBERSECURITY DEFINED
www.cybersecurityleadership.com
www.cybersecurityleadership.com
CYBERSECURITY HAS A BUSINESS PURPOSE
Source: US Cybersecurity Magazine, Winter 2015 Issue
www.cybersecurityleadership.com
2016‐09‐08
5
www.cybersecurityleadership.com
LawyersSociologistsPsychologists
WritersLinguists
Political ScientistsCommunicationsEducators/Trainers
NON‐STEM PEOPLE CRITICAL IN CYBERSECURITY
www.cybersecurityleadership.com
www.cybersecurityleadership.com
People Innovate, Machines Do Not
Without People Powered Innovation, Cybersecurity Impossible
People Aren’t the “Weakest Link” – They Are Our Greatest Strength!!
THE VITAL ROLE OF PEOPLE IN INNOVATION
www.cybersecurityleadership.com
2016‐09‐08
6
www.cybersecurityleadership.com
Cybersecurity=Digital Strategy=Business StrategyEveryone Handles Data
Everyone Uses TechnologyPersonal and Work Life Difficult to Distinguish
Concept of Going to Work ChangingTechnology Affects Everything
Human Relationships Through TechnologyPower of Communications Democratized
People Work from Where they Are
THE MODERN BUSINESS ENVIRONMENT
www.cybersecurityleadership.com
www.cybersecurityleadership.com
70% of Innovation at Micro Level – Low Risk
30% of Innovation at Macro Level – High Risk
UNDERSTANDING PERENNIAL INNOVATION
www.cybersecurityleadership.com
2016‐09‐08
7
www.cybersecurityleadership.com
» Develop Cybersecurity Culture» Engage People at all Levels
» Inspire, Educate» Learn and Teach Perennially
» Focus on Increasing Technical Proficiency and Empowerment» Teamwork, Communications, Transparency
» Develop Leaders not Followers» More Decisions at Lower Levels of Organization
www.cybersecurityleadership.com
CYBERSECURITY IS NOT A ONE BRAIN SPORT
www.cybersecurityleadership.com
» People are Human Capital» People Must Enjoy Fruits of Innovation
» Loyalty of People Must Be Earned» Base Cybersecurity Education on Cybersecurity Model
» Lead People, Manage Resources
INSPIRING HUMAN INNOVATION
www.cybersecurityleadership.com
2016‐09‐08
8
www.cybersecurityleadership.com
Personal ValuesOrganizational ValuesDoing the Right Thing
Focus on the Mission of the OrganizationSharing the Benefits of Success
Making Raving Fans Out of Customers
ETHICAL LEADERSHIP – WHAT DO YOU STAND FOR?
www.cybersecurityleadership.com
www.cybersecurityleadership.com
Loyalty of Workers and Customers
Long Term Profitability
High Degree of Happiness
High Productivity and Innovation
Talk of the Town
Better Cybersecurity
BENEFITS OF ETHICAL LEADERSHIP
www.cybersecurityleadership.com
2016‐09‐08
9
www.cybersecurityleadership.com
If You Lead You Will Not Need to Manage
Business and Innovation:
For People, About People, With People
KEY POINTS
www.cybersecurityleadership.com
www.cybersecurityleadership.com
OPMAnthem
Community Health SystemsMontana Health Department
Xerox State HealthcarePremera Blue Cross
TargetHome Depot
LOOK FOR ORGANIZATION FLAWS … WHO IS IN CHARGE?
www.cybersecurityleadership.com
2016‐09‐08
10
www.cybersecurityleadership.com
Lack of Executive LeadershipAccountability Missing
Failure to Understand Mission SuccessJaundiced Analysis of Risk
Blame TechnologyBlame Foreign Actors
“Sophisticated Attack”=Stagnation
ACCOUNTANTS ARE UNPREPARED FOR CYBERSECURITY
www.cybersecurityleadership.com
www.cybersecurityleadership.com
Business Programs Do Not Teach IT and Cybersecurity
IT and Cybersecurity Programs Do Not Teach Business
Ethical Leadership as a Foundation for Business Success Not Stressed
PROBLEMS ALSO LIE IN GRADUATE EDUCATION TODAY
www.cybersecurityleadership.com
2016‐09‐08
11
www.cybersecurityleadership.com
Students Being Told to Discard Emotions to Succeed in MBA
Programs
Emotions are Your Ethical Barometer!
SERIOUSLY DEFICIENT AND OUTDATED CURRICULUM
www.cybersecurityleadership.com
www.cybersecurityleadership.com
Incentives for Ethical Leadership LackingHuman Capital is an Expense
Future Value Not Considered for HumansPublic Policy and Accounting Changes Essential
FUNDAMENTAL FLAW IN ACCOUNTING/POLICY
www.cybersecurityleadership.com
2016‐09‐08
12
www.cybersecurityleadership.com
Dire Need for IT and Cybersecurity Strategists in C‐SuiteCFOs Run Cybersecurity in Too Many Organizations
The Need for Ethical LeadershipA New Breed of CIOs NeededA New Breed of CISOs NeededA New Breed of CEOs Needed
Closer CEO/CIO Partnerships Powerful for OrganizationsCIO Moves to CEO Positions Have Been Powerful
CHALLENGES/OPPORTUNITIES
www.cybersecurityleadership.com
www.cybersecurityleadership.com
MASTER OF SCIENCE DEGREES AT UMUC
Cybersecurity TechnologyCybersecurity Management and Policy
Digital Forensics and Cybersecurity Investigations Information Assurance and Operations
Covers Cybersecurity Model, All Majors Welcome
www.cybersecurityleadership.com
2016‐09‐08
13
www.cybersecurityleadership.com
TEACHING MODEL
Learn By Applying KnowledgeMultiple Opportunities for Success
Mostly Practitioner/Scholar Doctoral FacultyLeadership, Business Thinking, Holistic Risk Management
Creating Business Executives of the Future
Let Accountants Be Accountants
www.cybersecurityleadership.com
www.cybersecurityleadership.com
SUCCESS IN THE FIELD
Be HappyBe the BestBe AmbitiousBe StrategicBe AwareBe CuriousBe FriendlyBe Thankful
Be CEOs of the Future
www.cybersecurityleadership.com
2016‐09‐08
14
www.cybersecurityleadership.com
[email protected]: @mhasib
QUESTIONS/DISCUSSIONS/CONTACT INFORMATION
References: Hasib, M. (2015). Cybersecurity Leadership (ebook, paperback, audio)