
Management and Cyber Security

A single leader can fundamentally change the core culture of an organization and how it performs. Methods used to run regular business operations may not be applicable to running a cybersecurity function in most organizations across the globe.

It takes time, knowledge of the most appropriate leadership style, and the execution of situationally appropriate leadership behaviors that leverage individual strengths and different emotional factors to maximize the impact on the execution of cybersecurity plans.

The learnings and reflections out of this course are outstanding, and the references help any current or future leader apply strategies, frameworks, and techniques specifically to cybersecurity practice.

Introduction

A leader’s behaviors can definitely drive change in organizations ranging from small departments to corporations of any size, including their core culture and their goals related to cybersecurity. It is challenging, to be sure, and it takes energy, time, a committed team, vision, and the right kind of change-enabling behaviors for the situation and job at hand.

When it comes to cybersecurity practices versus business practices, most management traits and frameworks may not prove successful, because cybersecurity functions involve different roles and skill sets. These management styles have evolved since their conception during the Industrial Revolution, but not to deal with the silent war that cybersecurity challenges represent.

For successful cybersecurity practices, it is vital to consider the strengths of individuals and map these strengths to cybersecurity practices such as business, engineering, program management, and administrative tasks. Mastering these strengths helps a leader establish a business plan that maps the functions necessary to implement a successful cybersecurity business practice.

These attributes and strengths can be clustered under executing, influencing, relationship building, and strategic thinking, which can dramatically change the future and success of organizations, especially when dealing with significant challenges in the cybersecurity space.

Nevertheless, it is possible and, more importantly, in as little as a year. Through a combination of transformational and other leadership behaviors, leaders' efforts may prove fruitful.

Beyond preserving organizational longevity, though, these leaders also illustrated that changing leaders, or more precisely changing the kind of leadership behaviors executed by a leader, can fundamentally change the culture of an organization. It just took time, knowledge of the most appropriate leadership style, and performing situationally appropriate leadership behaviors (Rath, 2008).

According to Gallup, “The most effective leaders are always investing in strengths.” Managers must concentrate on their strengths and those of their employees. Some 73% of employees say they are more engaged when their firms focus on their personal abilities. Only 9% of staffers feel engaged when companies fail to make this effort (Rath, 2008).

When it comes to management, there is a trend of focusing on goals and daily operations without considering how to address cybersecurity's most substantial challenges by engaging the team's strengths, the leader's vision, and the company's or organization's mission.

Ethical and Professional Responsibilities

Ethics are driven by company and personal values and an unwavering commitment to integrity. When this robust private foundation is echoed across an organization, these strong foundational values hold when talking about the cybersecurity plan, its execution, and its stakeholders, and upon them a long-term business relationship is possible.

The most important outcome of this paper, which combines several decades of several types of research, is the importance of managers or leaders leveraging the strengths of teams across the organization through transformational, cultural, and ethical factors. Combining all these strengths and elements can drive individuals, groups, and organizations to execute the cybersecurity vision and plan successfully and maximize the impact.

Reflections

My reflection comes from the first discussions of engaging ethical hackers to assess a service or a company's posture. There were probably nearly two hundred posts out of this question. What a great question and statement to discuss.

It is fascinating and indeed very close to me: I am fortunate and humbled to lead one of the Red Teams within Microsoft, with a diverse set of skills and super-talented people.

Secondly, the word "hacker" is very ambiguous, and its meaning depends on the narrative in which it is employed. In some books, it is possible to find definitions of Black, Gray, and White hats or, as in the last example, Ethical Hackers.

To have a successful, impactful, and valuable offensive security function in any organization, many prerequisites should exist, such as clear rules of engagement, full sponsorship at the executive level, and clear boundaries set by the legal department.

Is this security function applicable to most companies? Is it the panacea for all security vulnerabilities?

The standard answer to this is a resounding no.

Building an Offensive Security team or Red Team requires a sizable budget and the support of other security teams or functions within the organization, to allow a functional, strategically oriented approach towards the targets and proper asset classification for determining the impact of the findings and how to prioritize security and systemic findings.

Red Teaming differs from a typical penetration test assessment; it is a much more holistic and unbiased assessment. It is vital to have a diverse team able to emulate the full range of threat actors, from script kiddies to nation-states. Each adversary has different capabilities and motivations and must be modeled accordingly to drive effective defense.

Microsoft’s Offensive Security Research Team (a.k.a. the Red Team) is a group of sophisticated hackers who gather intelligence, find holes, and build refined attacks to expose vulnerabilities in Windows from the inside. They then collaborate with their colleagues to build disruptors that can block the attack in the real world.

The result of establishing a Red Team is more customer-centric, helping businesses and organizations better protect customers, employees, and students.

For most organizations, it is imperative to have a Red Team as an internal function that can understand how hackers work and the motivations behind them.

Artifacts

Management and Cybersecurity - Contoso Policy

Resources

Book References

Peltier, Thomas R. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Auerbach Publications, 2002.

Arlotto, Pam, and Susan P. Irby. Beyond Return on Investment: Expanding the Value of Healthcare Information Technology. CRC Press, Taylor & Francis Group, 2019.

Smallwood, Robert F. Information Governance: Concepts, Strategies, and Best Practices. Wiley, 2020.

Pruteanu, Adrian, and Zeal Vora. Enterprise Cloud Security and Governance. Packt Publishing, 2017.

Stafford, Brian, and Dottie Schindlinger. Governance in the Digital Age: a Guide for the Modern Corporate Board Director. Wiley, 2019.

 


© 2020 - Alexandre Fernandes Costa
