Cyber Resilience: Part One Introduction

This blog series is a re-tooling of a white paper I drafted in May 2015 while working at Stroz Friedberg. I want to thank Stroz Friedberg for the support and time to develop these ideas and specifically want to thank Bill Trent and Simon Viney from Stroz Friedbergs London office for their assistance and review. I also recieved valuable feedback from David Porter at Resilient Thinking and Dave Whitley at BAE Systems.

Introduction

The prevalence of digitally-enabled businesses, Internet-dependent customers and Internet-connected supply chains creates near unlimited opportunities and points of entry for cyberattacks, and significantly increases the potential for cybercrime to damage a company’s ability to maintain operations. This has created an environment in which cyberattacks by criminals, hacktivists and state-sponsored actors are more frequent and more damaging than ever.

Read the rest of this entry »

SOC Value Chain & Delivery Models

I was recently working with a firm to develop their Security Operations Centre (SOC) from a good but limited capability to a mature enterprise capability. While working through the maturity assessment, formalising their requirements and developing a roadmap we needed to consider a variety of delivery model characteristics. To draw out some of the key characteristics we needed to consider the organisation itself but also the state of SOC components.

To dig into this we developed a Wardley map mapping the value chain and evolution of SOC components. Wardley maps look complicated but are effectively a tool for discussion in front of a white board to identify dependencies and the maturity of components and services. (Click on the diagram for a full size version).

Read the rest of this entry »

A Rising Tide of Cyber Regulation?

I don’t envy regulators their task of ensuring the firms they supervise are managing their cyber risk well.

The increasing dependence of firms and whole sectors on information technology (IT) and operational technology (OT) was always a creeping concern but has accelerated dramatically as a result of the ‘digital’ movement in  large firms and the oncoming storm of the ‘Internet of Things’ (IoT). Governments around the world  have woken up to the potential  systemic and infrastructural threats to national security and national economies and have tasked regulators with ensuring these risks are appropriately addressed.

Read the rest of this entry »

Security Operations and the OODA Loop

I’ve mentioned Boyd’s OODA loop in a previous post but I thought it would make sense to share how I view the OODA loop driving the development of security operations. This is in contrast to the common derivation of the Deming cycle, that is often used in security programmes: Plan, Do, Check, Act (PDCA) .

Security Operations Centres (SOC) provide an increased ability to defend our businesses and their community from determined adversaries in cyberspace. A key framing view of a SOC is to consider the relationship between the SOC and the adversaries targeting the business as a combative relationship; as such an approach typified by Robert Boyd’s OODA loop is a useful tool for thinking comprehensively about how to plan our interaction with adversaries in the cyber domain.

Read the rest of this entry »

Measuring Black Boxes, part one

I have been attempting to capture the process or to be more accurate the heuristics of how I analyse security architectures. This was originally driven by the time it took me to document my conclusions and the lack of any particularly well-suited tooling but has increasingly become an attempt to communicate the method to other security architects. I also have a sneaking suspicion that a useful chunk of the process could be automated.

Due to the scale and complexity of many of the systems I have worked with a large part of the process has been to decompose a system and measure and characterise it’s components. This allows me to identify high risk areas of the system to focus my efforts.

Read the rest of this entry »

Twitter RSS