Establishing a Portfolio Approach for Managing Cybersecurity Programs - Part 2

Thank you for all your feedback for Part One. In the second segment, our intent is to cover a few essential components of the Cybersecurity Program such as Knowledge Management, Project Management, and Talent Management.

  • Cybersecurity Analytics - Cybersecurity analytics is becoming an increasingly more important function of the cybersecurity organization. Proactively performing threat detection using analytics provides security teams and data scientists the capability of processing and analyzing very large datasets of threat information in real-time. Cybersecurity analytics enables data scientists and threat hunters in the design and development of predictive threat models based on threat intelligence and knowledge of the security data. The CISO’s who utilize the best tools and technologies for their analytics platform and provide the appropriate training for the Cyber workforce are able to implement smart alerts, and develop more meaningful reports and dashboards, resulting in improving detection and remediation capability, while reducing the ambiguity when performing the investigation of security events.
  • Knowledge Management - Knowledge Management is becoming a critical function of the Cybersecurity program. The knowledge management process increases the effectiveness of the Cybersecurity program by institutionalizing the decision-making and continuous learning activities.  The knowledge management process and tools enable the Cybersecurity organization to effectively identify, document, and communicate information and status regarding Cybersecurity projects, vulnerabilities, threats, security events, and incidents occurring in the environment, as well as provide guidelines and standard operating procedures (SOPs) for IT and asset owners.  The CISO is responsible for assuring that knowledge management projects are identified, planned, initiated, and executed. Today’s CISO defines and designs the Cybersecurity organization’s knowledge management framework as well as decides the tools and technology used to implement and administer the system. A mature knowledge management system uses Cloud technology to collect, maintain, and communicate Cybersecurity content to allow leadership to easily understand the status of security-related projects and programs. A well-designed and correctly implemented knowledge management system provides the CISO and asset owners the insight using KPIs, metrics, and information of interest, and the dashboards for visualizing and communicating the progress of the Cybersecurity projects.
  • Project Management - Applying project management principles to the Cybersecurity program keeps security-related initiatives on budget and on schedule. Additional benefits include strategic alignment, streamlining project execution, optimizing resource capacity and allocation, instilling a culture of continuous improvement, a more effective problem resolution and risk management. There are important details and standard project artifacts as part of the project management activities that are not included in the POA&M process. For example, well-defined project deliverables and roles and responsibilities, WBS, resource assignments and task schedules, project risk tracking and mitigation, communication planning, quality assurance, and continuous improvement. A mature project management approach provides the CISO with fundamental information about specific projects and statuses needed to create and maintain the integrated master plan and schedule. The integrated master plan and schedule is required by the CISO for managing resource allocation and capacity, budgeting, monitoring and control of the Cybersecurity program portfolio.
  • Talent Management - As Cybersecurity vulnerabilities and threats increase and become more sophisticated, risk rises for those programs that do not have the correct skill-sets or enough talent. Every CISO requires a Cyber talent management approach that best leverages internal staff, contractors, and outsourcing. A highly trained and skilled Cyber workforce greatly reduces risks to the organization. However achieving this requires the CISO to define, and assess the Cyber workforce needs, and develop, design, train, and retain Cyber talent. Fortunately, there are proven approaches and tools that the CISO can utilize to perform these functions to strengthen the Cyber workforce. Accomplishing this requires assessing the talent-gaps within the Cyber workforce and aligning the talent management plan with the organization’s Cyber goals. It is critical that the Cyber talent strategy is supported by the organization’s acquisition strategy. Acquisition alignment and support allows the CISO to attract the right talent, grow the workforce, and create an environment where cyber employees and contractors are retained. It is the CISO’s responsibility to define the workforce requirements, establish talent benchmarks, evaluate potential risks caused by gaps in talent and skill-sets, and to define career paths. Defining a clear and concise career path significantly improves the organization’s ability to source, recruit, and retain Cyber talent, and it supports the job analysis, skills assessment, training, and talent forecasting process.