A Holistic Approach to Cybersecurity; Technologies, Process, & People

password-cyber-securityIN THE PAST, much of the cybersecurity focus and activities by both industry and government have been reactive to the latest threat or breach. That trend appears to be changing from reacting to being more proactive. That is a good thing. The newer approach is for a more holistic approach of integrating technologies, processes and people. The future of the practice will rely more on informed risk management. That requires an active strategy of detection, recognition, identification, response and remediation of threats. Advancement in area of predictive data analytics and diagnostics to index, provide network traffic analysis, and protect against further incursions is already becoming a growing area of concentration.

Technology development continues to evolve with the introduction of new innovations to address the cybersecurity framework that includes networks, payloads, endpoints, firewalls, anti-virus software, and ecryption. This framework will provide for better resiliency and also forensic analysis capabilities. Some newer areas of cybersecurity spending will be in the areas of cloud, authentication, biometrics, mobility, automation, including self-encrypting drives. And, of course, super computing and quantum computing.
Automation, including via artificial intelligence, is an emerging and future cybersecurity pathway. In an effort to better protect the federal cyber space DHS has deployed an automated cyber surveillance system that monitors federal internet traffic for malicious intrusions and provides near real-time identification of malicious activity called EINSTEIN 2. This model has the potential to be expanded and upgraded both in the public and private sector.

Public/private Cooperation
The most important trend I see is the expanding collaborative research and development (R & D) between the public and private sectors in meeting the threats to critical infrastructure.

[su_highlight]The ability for the private sector to invest, co-develop and integrate innovative technologies into the federal cybersecurity marketplace will significantly impact progress in threat deterrence and mitigation.[/su_highlight]

It is clear that the private sector has more experience, training and expertise than government in cybersecurity, although lack of cyber talent is an urgent problem for both sectors. The White House is also encouraging new incentives for the private sector for information sharing which includes classified information. The National Institute for Standards (NIST) in cooperation with DHS has been developing standards for the voluntary cyber framework.

But perhaps a most important is information sharing between the Public/Private sectors in a rapidly changing threat landscape to deliver situational awareness and coordinate protection, prevention, mitigation, and recovery from cyber incidents. There is currently a variety of legislation in Congress focused on building stronger information cooperation between government and corporations in a less regulated but more coordinated and transparent effort.

Of course, to incorporate true cybersecurity protection, it call comes down to a basic security awareness of employees, establishing security protocols, and having a trained works force.[bctt tweet=”Technology and people have to be symbiotic.” username=”bizmastersglobal”]

A wide variety of technologies, protocols, SMEs working in a holistic approach will be fundamental to the success of cybersecurity. This should be inclusive in any framework and cooperative strategy as we move ahead into a new digital era.

Chuck Brooks
Chuck Brookshttps://www.brooksci.com/
CHUCK is the Principal Market Growth Strategist, Cybersecurity and Emerging Technologies for General Dynamics Mission Systems. Chuck’s a preeminent thought leader on cybersecurity and emerging technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn” out of their 500 million members. He is also an advisor to LinkedIn on cybersecurity and emerging technology issues. Chuck has published more than 150 articles and blogs on cybersecurity and technology issues and is a frequent featured speaker at conferences. Chuck has also judged five Government Security News Homeland Security Awards.[su_spacer] In both 2017 and 2016, he was named “Cybersecurity Marketer of the Year by the Cybersecurity Excellence Awards. Chuck’s professional industry affiliations include being the Chairman of CompTIA’s New and Emerging Technology Committee, and as a member, Electrical and Electronics Engineers IEEE Standards Association (IEEE-SA) Virtual Reality and Augmented Reality Working Group. He is on the Advisory Board, Center for Advancing Innovation, and has also served as a Technology Partner Advisor to the Bill and Melinda Gates Foundation.[su_spacer] Chuck has served in government at The Department of Homeland Security (DHS) as the first Legislative Director of The Science & Technology Directorate at the Department of Homeland Security. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill covering security and technology issues on Capitol Hill. Earlier in his career, he served a Special Assistant of the Director of Voice of America.[su_spacer] He also was an Auxiliary Police Officer for Arlington County , Virginia. Chuck was also an Adjunct Faculty Member at Johns Hopkins University where he taught a course on Homeland Security and Congress. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
avatar
  Subscribe  
Notify of
Anonymous
Anonymous

What I have seen in private healthcare organizations is a lack of training for HIPAA protected health information. I have seen an indifference to the storage of personal health information both in the office environment, as well as the computer systems. I have seen files scanned and then left on the desktop of computer systems until a clerk “has time” to upload the information into a patients’ charts. I have seen computers without current firewall or malware protection, because it’s no one’s responsibility to update it. I have talked with computer officianados in the same offices where there is no concern about the local computer because they are using online SaaS systems. I have seen administrative clerk’s asking people for their last names when they check in for exams, instead of their first names, and then not verifying their birthdates, to prove it is them. I have seen patients instructed to “go down the hall” to a public restroom for a UDS with no concern if it is actually their urine in the container when it returns to the admin rep.

Erik Whitehead
Erik Whitehead

Chuck,

What classified info are you talking about?

“The White House is also encouraging new incentives for the private sector for information sharing which includes classified information.”

Simon Smith
Simon Smith

Hello, Simon Smith, Cyberse expert from eVestigator here. I agree through much experience that “technology and people have to be symbiotic”. I would even go as far as saying all packet sniffing and virus detection technology is useless given polymorphism programming and random encryption keys and the only vector I see in real Cybercrime every day is ‘Human Deception’. People can make as much technology as they want. In my 27 years as a programmer l can safely say I could programme an undetectable executable and could have done so 20 years ago. We are just lucky so far. We need proper solutions that monitor human b insider deception and mistrust, the #1 reason for all real life Cybersecurity concerns.

JUST ONE CLICK HERE TO GET YOUR DAILY DOSE

REAL PEOPLE

Powerful voices from around the globe that speak to our shared human experience. May they inspire you and give you great hope.

JUST 1 CLICK

IS ALL IT TAKES TO LEARN SOMETHING NEW TODAY

Must Read

JUST 1 CLICK

IS ALL IT TAKES TO BEGIN ENJOYING OUR PODCASTS

JUST 1 CLICK

IS ALL IT TAKES TO EXPLORE OUR INSPIRING GLOBAL COMMUNITIES