Please use this identifier to cite or link to this item: https://dair.nps.edu/handle/123456789/4452
Title: Lessons Learned in Building and Implementing an Effective Cybersecurity Strategy
Authors: Carol Woody; Rita Creel
Keywords: Cybersecurity
Issue Date: 20-May-2021
Publisher: Acquisition Research Program
Citation: Published--Unlimited Distribution
Series/Report no.: Acquisition Management Presentation;SYM-AM-21-145
Acquisition Management Video;SYM-AM-21-220
Abstract: Today’s missions rely on highly integrated and complex technology that must be protected from a wide range of adversaries in a very dynamic and contested cyber environment. The predominant response to the growing, shifting cyber threat has been to apply cyber hygiene best practices and focus on satisfying compliance mandates for an authority to operate. While necessary, these steps alone are not sufficient, given the pace of technology change and the increasing abilities of our adversaries. For organizations developing or acquiring complex, software-enabled technologies, a cybersecurity strategy provides a critical set of guidelines that enable intelligent, risk-based decisions throughout the life cycle. The strategy identifies planning, design, monitoring, and enforcement considerations for integrating cybersecurity into all products, processes, and resources. As such, it defines expectations for how the individual technology components, their assembled configurations, and their interactions will meet the security requirements of a mission. Effective cybersecurity requires the application of engineering rigor to the process of defining security requirements in the context of other system imperatives. Cybersecurity engineering is a discipline focused on analyzing and managing mission and system cyber risk and trade-offs across the life cycle. Cybersecurity engineers evaluate interactions, dependencies, and system response to attacks. They identify security practices and mechanisms that need coordination across the life cycle, spanning components, people, processes, and tools. They prepare the technology to handle the operational environment where it will ultimately reside. In this paper, we introduce the purpose of a cybersecurity strategy and describe the role of cybersecurity engineering in implementing it. 
We identify six key cybersecurity engineering activities and share observations on how these activities can be used to address the challenges acquisition programs face as they work to improve cybersecurity under resource and time constraints.
Description: Acquisition Management / Defense Acquisition Community Contributor
URI: https://dair.nps.edu/handle/123456789/4452
Appears in Collections: Annual Acquisition Research Symposium Proceedings & Presentations

Files in This Item:
File | Description | Size | Format
SYM-AM-21-220.mp4 | Presentation Video | 14.53 MB | Unknown
SYM-AM-21-145.pdf | Presentation PDF | 2.6 MB | Adobe PDF