31 May 2021

Memorial Day 2021: We the People...

On this Memorial Day weekend 2021, we remember those who have given us their Military service, their dedication and their time, and their own life. To help ensure our U.S. citizens, with a lifetime of “Liberty”.

Definition of liberty

1 : the quality or state of being free:

The men and women of the United States, who are buried in Arlington Memorial Cemetery or some other place in America, today we thank you again.

“From Sea to Shining Sea, this land we fight to preserve and the actions we take to “Protect the American people and uphold the Constitution of the United States” is in our hearts, and in our minds every day.”

So it is the true dedication, discipline and the real work of these great Americans, that we recognize, on holidays such as this annual Memorial Day.

Who will you remember today? What is their name? How did you know them? When did they serve? Where did they serve? Why were they so dedicated to their mission?

You see, beneath every headstone there is a person, who has their own personal reasons and their particular story.

On this day we shall also recognize all those “First Responders” with courage, who uphold and defend our chosen way of life in America.

Never forget those “Quiet Professionals” who run towards danger, or who devote their time to truly Understand, Decide and Act.

Yet what shall you “Do” today to make a difference in America?

How about if we all start with a prayer in our our own place of worship, the day before Memorial Day?

A prayer for our fellow “American Citizens” to be kind. To pray that Mothers and Fathers here, will teach our children about our history and why so many have died.

“We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America.”

15 May 2021

Enterprise Security Risk Convergence: The Wave of the Future...

Savvy CIO's and CSO's recognize that new threats and soaring costs are two factors driving the convergence or integration of traditional and information security functions in a growing number of global companies.

Business desire for security professionals who can examine and assess the risks that organizations face as a whole, is one of the driving forces behind the convergence phenomenon.

Operational Risks span the continuum from the physical to the digital environment in our enterprise ecosystems.

The focus on security from an enterprise perspective has led to innovative approaches that emphasize integration; specifically, the integration of the risk side of business into the strategic planning side in a consistent and holistic manner.

Strategic Convergence & Change Management solutions ensures that integrated functions within the organization work together. This growing need enables the organization to effectively deter, detect, defend and document both physical disruptions and information security incidents.

Enterprise Security Risk Convergence initiatives are underway in many global organizations today and for good reason. For too long, the silo's of information in the physical guards, gates and guns world were not on an IP network. Those days are over.

The Siemens, Tyco's and Honeywells along with other physical security juggernauts, have figured out that they need the information security software and hardware to provide totally "converged" solutions for their clients.

Integration of information-based assets in embedded systems combined with the data bases of the INFOSEC operations can now provide that holistic view of risk that the enterprise has been thirsty for. Yet, this battle is only starting to heat up.

Prepare your organization for the day when the efficiencies and the effectiveness of having redundant safety and security responsibilities becomes a new agenda topic at the next executive retreat.

Strategic Security Convergence is the "Operational Risk Management" wave of the future.

How these converged entities are forming and how they will arrive at a single focal point is based on what they both have in common. Information-based assets.

And when it comes to establishing a single risk management system focused on information, there is only one recognized International Standard.

ISO 27001 is that set of controls and guidance that will assist in the rapid convergence of these seemingly different security domains.

Once the physical security management realizes that their budgets are going to be combined with the information security budgets, the feathers and fur will begin to fly in the halls of the corporate headquarters around the globe.
In the end, the winners will be those organizations who realized that all the guards, gates, firewalls and intrusion prevention systems are nothing more than tools.
What they support, are the successful implementation of a Risk Management System focused on collecting the most timely and relevant information.

The single asset that both security organizations have in common, are the indicators of compromise.

08 May 2021

SPRINT: "Thought Doership"​...

What are you doing this week, this month or this quarter to make a difference with the people you care about?

How might you and your small team “Do” something to collect, analyze, synthesize and publish vital information that could save lives?

“Thought Doership” is what your organization is thirsty for and if you don’t do something soon, you may miss the window of opportunity or the chance of your own survival.

The adversary exists along a wide spectrum of severity and various degrees of likelihood. Is it human-powered, a silicon-powered “Bot”, a weather pattern, or even invisible Directed Energy.

Over the course of the next 4 weeks X 2 hours X 8 Highly-Trained and knowledgeable people, you will follow the methodology:

Definition of methodology

1 : a body of methods, rules, and postulates employed by a discipline : a particular procedure or set of procedures .

2 : the analysis of the principles or procedures of inquiry in a particular field

Once you have determined your rendezvous point and the cadence for your team to engage in “Thought Doership” you must utilize your design.

Your team will embark on your journey together as scheduled:

  • Week 1 – Map / Target
  • Week 2 – Sketch / Solution
  • Week 3 – Decide
  • Week 4 – Prototype

Now it is time to get into the geographic place you planned to operate, so your product/solution can truly experience the real world of your teams “Thought Doership”.

How might you and your small team learn and collect data, from the prototype you have designed, implemented and measured?

This will become part of the mosaic that you and your team are working towards, fighting for, and will soon be a key component of your designed purpose.

You might call yourself a thought leader, yet what are you doing to SPRINT…

02 May 2021

SCRM: ICT Supply Chain Risk Management...

What is your private sector enterprise doing today to improve your ICT Supply Chain Risk Management (SCRM)?  Cyber-espionage campaigns have been operating for years across the ICT domains and are exposed every year in the trade press to John Q. Citizen, soon after "Black Hat" and "Defcon".  Once again, the origins of these sophisticated and viable adversaries are located inside nation states.

The beltway has been talking about the need for more effective legislation to modify behavior on the Supply Chains of Critical Infrastructure.  For many who remain committed to the silent war and the warriors who are fighting it each day on a 24 x 7 basis, they know the operational risks associated with this modern day battlefield.

Do you know where your information is today?  No, not your "Personal Identifiable Information" (PII), but the crown jewels of your latest Research and Development project.  Or the details on the "Merger and Acquisition" (M&A) activity associated with your cash cow law firm client.  Guess again, because you may not be the only one who now has copies of these trade secrets or confidential and proprietary information.
 
The Information Communications Technology (ICT) supply chain is at risk and the days are numbered until our final realization even after SolarWinds, that this issue is far past the policy makers control.  Is this an operational risk that we have done all we can do, to mitigate the impact on our U.S. national security?  Everyone should know the answer to this question.

The complexity and the complacency of the problem continues to plague those who are working so diligently to fend off the daily attacks or counterfeit micro-components.  The strategy is now morphing as we speak, from defense to offense and the stage is being set for our next generations reality of global cyber conflicts and ICT due diligence.  Richard Clarke and others are beyond the ability to say much more than they already have so far.

So where are the solutions?  Where are the answers?  They can be found very much in the same way organizations, companies and nation states realized what was necessary to deter, detect, defend and document operational risks to their institutions for the past several decades.  The science has changed rapidly but the foundational solutions remain much the same using these six factors:
  • Identify
  • Assess
  • Decide
  • Implement
  • Audit
  • Supervise
These six factors of your respective "Operational Risk Management Enterprise Architecture," is the framework for these solutions.  The ability for these to continuously operate within your enterprise will determine how effective you are in surviving what others have predicted for over a decade...