This document discusses how cybersecurity has traditionally been seen as an IT issue rather than a business issue, and how management information systems (MIS) can help bridge the gap between cybersecurity and business operations. The key points made are:

1) Cybersecurity departments collect and analyze large amounts of business data but have struggled to define meaningful metrics and communicate risks to business stakeholders in a way that supports decision-making.
2) MIS understands how to support business decision-making through reporting and can help cybersecurity define key performance indicators that are meaningful to the business rather than just technical metrics.
3) By gaining access to cybersecurity data and integrating cybersecurity elements into existing reporting, MIS can act as a translator between
2. OVERVIEW
• Cyber is not an IT issue but a business issue
• Cyber departments consume the most business data
• Cyber is trying to be MIS, but poorly
• Mismatch between existing MIS and Cyber
• How MIS and Cyber can work together

3. CYBER IS NOT AN IT ISSUE
• Business strategy
• Business processes
• Behaviors
• Technology, tools, training
4. EXAMPLE: FIREWALLS
• Connecting to the Internet is a benefit to the business
  • Information access
  • Information sharing
  • Speed
  • Services

5. EXAMPLE: FIREWALLS
• Just like doors, they allow access both ways
• Doors need locks
• The process for locking and checking the locks at night is a management issue
• The same applies to the process for installing and reviewing firewalls
6. “IF EVERYONE DID EVERYTHING THEY WERE SUPPOSED TO DO, NO ONE WOULD NEED OUR PRODUCT.”
Symantec CTO

Technology exists to support good behaviors and processes.
7. CYBER CONSUMES THE MOST DATA
• Cyber departments connect to every business system
• Network data
• Operational data
• Risk-based content data
• DLP (Data Loss Prevention) systems

8. CYBER CONSUMES THE MOST DATA
• # of successful audits
• # of systems patched
• # of policy violations
• # of flaws found by audits
• # of compromised accounts
• % of systems risk-assessed
• % of staff taking training
• % of bad network traffic
• % of code peer-
9. CYBER ANALYSES THE MOST DATA
• Thresholds
• KPIs
• Anomalies
• Direct risks to the organisation

11. CYBER DATA COLLECTION PROBLEM
• Too many systems
• Systems not designed to interface with each other
• No common data definition
• No common foundation to compare data collected
• Systems to collect and process varied data is
13. CYBER METRICS PROBLEM
• Lots of things to measure
• Metrics require attaching meaning to the measures
• What’s important? What’s not?
• What needs to get reported at the top?
• How are KPIs defined?
14. CYBER TRYING TO LEARN MIS
• Common conference and article topic
• Not a lot of mature advice

15. CYBER TRYING TO LEARN MIS
• Curse of Knowledge
• Non-business people trying to figure out what the business cares about
• Business people hoping someone tells them something they should care about

16. CYBER TRYING TO LEARN MIS
• Protection tools purchased without defining the benefit
  • Biz: “Stop bad things from happening”
  • Cyber: “We installed this thing to stop bad things”
  • Biz: “We won’t have any more bad things?”
  • Cyber: “No, but maybe fewer bad things will happen. Just in case, don’t click on dodgy emails.”
18. MIS, MEET CYBER
• ROI and cyber don’t mix
• “Cyber isn’t a thing”
• Fraud, compliance, uptime, customer data as toxic assets, operational impacts

19. MIS, MEET CYBER
• MIS can fill a gap that the business and the cyber department don’t even know they have
• MIS knows what the business needs to know
• Tie the cyber measures to business and project goals

21. MIS, MEET CYBER
• Guide cyber in creating meaningful metrics
• Gain access to cyber data and include cybersecurity elements in the reporting you are already doing

22. BE THE TRANSLATOR BETWEEN CYBER AND THE BUSINESS
BOTH WILL THANK YOU FOR IT