Cyber Resilience 360: A comprehensive approach to effectively create and execute a Cyber Resilience Mindset in organisations.

What measures can CIOs take to improve the cyber resilience of their organizations in case of a cyber attack on the physical infrastructure layer?

Governments, enterprises and core business functions are becoming more and more dependent on IT and cyberspace.

Conventional business, information security and static risk management practices are no longer appropriate in a rapidly changing world in which system interdependence and information density bring the greatest challenges.

How can we collect data and gather intelligence in order to make appropriate decisions, rather than decisions that are later negated and make problems worse?

How can we create and incorporate a 'sensor network' within our organizations and communities that encourages its members to actively learn from it and enables them to recognize and communicate threat-related intelligence from the very edge of our organizations?

Sophisticated, stealthy and persistent cyber attacks, mainly focused on cyber resources and organizational infrastructures, increasingly make cyber resilience a necessity for our IT systems and for those who depend on them.

This research paper further presents a dynamic initial framework for improving cyber resilience, called the DIOODAE framework. It is a crisis management framework based mainly on theories such as the OODA loop, the Cynefin framework and crisis management principles. The framework identifies key domains and structures that can be utilized to improve an organization's cyber resilience capabilities.

The DIOODAE framework (conceptual framework based on literature review)
Author: Sheraz Ali (2014)

Step 1: Define Context
Recognizing, in a timely manner, vulnerabilities that could become a threat is essential: the sooner a threat is recognized, the greater the likelihood that escalation can be averted.
“Attaining one hundred victories in one hundred battles is not the pinnacle of excellence. Subjugating the enemy’s army without fighting is the true pinnacle of excellence”

Defining the playing field is the basic imperative for understanding the context of a given situation; we also need to comprehend the theory behind the methods and tools. By understanding the theory, we can revise the method to match the context.

Step 2: Identify the key stakeholders and intelligence sources
Collecting and analyzing information to produce a reliable and dynamic picture of the situation is a basic imperative of successful crisis management. To identify the strategic key stakeholders and intelligence sources, and while making decisions, it is compulsory to first process, reflect on and verify the gathered information. It is also very important to embed a structure that channels these contributions into sufficient situational awareness for the crisis team.

Step 3: Observe the intelligence sources
“Observe is the process of acquiring information about the environment by interacting with it, sensing it, or receiving messages about it. Observation also receives internal guidance and control from the Orient process, as well as feedback from the Decide and Act processes.”
Observation is one of the initial elements of understanding data and information regarding the context and its operating environment.

It can best be defined as the monitoring and gathering of information within an organization. Observation can also mean recognition: specifically, the detection of malicious activities via internal monitoring tools or via external sources that publish information about known incidents.
“The big picture view of a system seeks to identify the mission that the system fulfills and the capability gap it was intended to fill, the information it provides, the environment within which it operates, and the user community it serves.”

Step 4: Orient on the intelligence sources and scenarios

Orientation shapes how events are observed, how we decide and, finally, how we act. At this stage the collected intelligence is categorized, based on new or existing knowledge, analysis, correlation and historical practice. Crisis management examples of orientation are the immediate gathering and linking of case-related information, event and log data, and situational analysis.

Orientation is about the generation, processing, storage, transmission, consumption and destruction of data. It is about how information flows through the organization and where the vulnerabilities are.

Step 5: Decide upon scenarios
“Decide is the process of making a choice among hypotheses about the environmental situation and possible responses to it. Decide is guided by internal feed-forward from Orient, and provides internal feedback to Observe.”

The context is relentlessly shifting, and new threats and vulnerabilities arise each day. After the Observe and Orient stages, we can form a hypothesis and then decide on the appropriate course of action, based on the company's overall crisis management outline. Crisis management is a continuing, iterative procedure that must be repeated periodically.

The decision outcomes will most probably fall into one of the following four risk classes:
  • “Risk assumption - accept risk, continue operating
  • Risk avoidance - avoid the risk by eliminating the risk cause and/or consequence
  • Risk limitation - limit the risk by assigning controls that minimize the impact
  • Risk transference - transfer the risk by using other options to compensate for the loss”

Step 6: Act upon scenarios
“Act is the process of testing the chosen hypothesis by interacting with the environment. Act receives internal guidance and control from the Orient process, as well as feed-forward from Decide. It provides internal feedback to Observe.”

After following the OODA loop in a truly linear fashion, we now enter the Act stage. At this stage we seek to apply the chosen course of action. A course of action with high buy-in and accountability generates actions that are aligned with it. The opposite is also true: a decision that is made but not followed by the consistent stages of the OODA loop produces misaligned actions.

To analyze a decision, associate the actions taken with specific OODA stages. If it cannot be identified where an action was initiated, the decision may not have followed the formal OODA loop and may be driving other loops. By increasing the level of automation within the Act process, we can increase the promptness of the process, decrease the chance of error and increase risk avoidance.

Step 7: Evaluate best practices
To enhance organizational learning and effective knowledge sharing, and thereby increase resilience, it is essential to frame the incidents associated with a crisis situation in a cohesive root-cause analysis. Create a well-defined depiction of the crisis situation, organize the stakeholders, mobilize a group of specialists who can draw independent conclusions, and convey the lessons learned to key stakeholders in order to build an informed and resilient organization.

Summary
To cope efficiently with a crisis situation, it is imperative to define a context in order to observe data and recognize, at a very early stage, patterns that can become a threat.

By identifying the key stakeholders, making sense of the collected intelligence and sorting it into categories such as simple, complicated, complex and chaotic, we can make critical decisions in time and decide accurately which systems should be coupled or decoupled.
By making proper sense of a given crisis situation, properly communicating its context, duration, impact, measures taken and related key stakeholders, and by applying and evaluating best practices, we can contribute to the enhanced resilience capabilities of our institutions.

Advantages: DIOODAE framework

The DIOODAE framework is a comprehensive, dynamic, stepwise approach to defining a context and identifying the stakeholders and intelligence needs required to prepare for a crisis situation. It also helps to observe the gathered data, orient, decide on the best available options, act on scenarios and evaluate best practices.
In summary, the DIOODAE framework helps the company to effectively Prepare, Protect, Detect, Recover and Respond in order to improve its cyber resiliency before, during and after a cyber attack.

Disadvantages: DIOODAE framework

Because of the dynamic nature of the DIOODAE framework, it is very important to have the right configuration for a given context. It is therefore very important to always start by defining the goals and scope of the desired outcome. To do so, it is strongly recommended to configure the model in a team setting through a brainstorming session.

Reflection
This research paper has presented the DIOODAE framework, a dynamic crisis management framework for improving cyber resilience. The DIOODAE framework provides a comprehensive way to Define, Identify, Observe, Orient, Decide, Act and Evaluate cyber resilience objectives and practices. The framework also serves to motivate and characterize cyber resilience measures. Cyber resilience is part of the enterprise cyber defense strategy and, in particular, part of IT operations assurance.
These cyber resilience disciplines keep evolving over time. In addition, cyber resilience is an active area of research. Therefore, the DIOODAE framework presented in this research paper is expected to change. Feedback and debate to improve the framework are welcome.