Driving Innovative IT Metrics (Project Management Institute Presentation)Joe Hessmiller
Most project managers focus on the 'backward looking' cost, quality and schedule performance data. But, the success of the project is driven by conditions that are seldom monitored, and almost never systematically. This talk is about what those conditions area and the "forward looking" metrics needed.
Project prioritization becomes more strategici-nexus
Very few organizations have the luxury of committing to a range of projects without having an effective way of prioritizing these. One could argue that this issue is more likely to be experienced by organizations that are relatively immature in their operational excellence or strategy execution journey. We’re not necessarily finding that. As companies continue to look to cut waste, improve efficiencies and improve the effectiveness of their strategy processes, project prioritization has become a hot topic.
Gaps/needs assessment is an investigative process with the purpose of connecting an organization's performance problems or opportunities for performance improvement to specific human performance interventions
Driving Innovative IT Metrics (Project Management Institute Presentation)Joe Hessmiller
Most project managers focus on the 'backward looking' cost, quality and schedule performance data. But, the success of the project is driven by conditions that are seldom monitored, and almost never systematically. This talk is about what those conditions area and the "forward looking" metrics needed.
Project prioritization becomes more strategici-nexus
Very few organizations have the luxury of committing to a range of projects without having an effective way of prioritizing these. One could argue that this issue is more likely to be experienced by organizations that are relatively immature in their operational excellence or strategy execution journey. We’re not necessarily finding that. As companies continue to look to cut waste, improve efficiencies and improve the effectiveness of their strategy processes, project prioritization has become a hot topic.
Gaps/needs assessment is an investigative process with the purpose of connecting an organization's performance problems or opportunities for performance improvement to specific human performance interventions
Balanced Scorecard IT Strategy and Project ManagementGlen Alleman
IT projects rarely have a 1st order impact on financial results. Their impact us usually a 2nd or 3rd order. Tracing this impact is part of IT strategy. Delivering this impact is execution
It is difficult to overstate the importance of governance to SOA initiatives, whether in the context of service governance (i.e. governing the lifecycle of services from creation through deployment) or the broader issues of IT governance (commonly defined as specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT). This session presents a holistic discussion of governance with SOA. It outlines the key policies that organizations should consider with regards to finance, portfolios, operations, architecture, technology, projects and people. It will also outline six successful steps to governance with SOA, as part of the decisions, processes and policies that contribute to successful business and SOA objectives. The presenters will address, how as part of the execution of an SOA strategy, organizations should put together a SOA Roadmap. Also discussed is how organizations need to govern the execution of the SOA Roadmap to ensure delivery of all SOA and business objectives.
An Accountability Framework would allow for goal directed expenditure, result-based performance monitoring, re-defined roles and responsibilities, synergistic alignment of resources, transparent reporting and data management, as well as mutual consensus on pre-determined consequences for falling short of articulated targets.
The Changing Landscape of Project Management in 2018Richard Kok
The Project Management landscape is changing and so are the skills required to be a good project manager. Structured and progressive skills are intermingled and hybrid methodologies are common place these days.
Business process monitoring system in supporting information technology gover...journalBEEI
Information technology (IT) is essential in supporting an organization's business sustainability and growth, making it critically dependent on IT. Therefore, a focus on IT governance, consisting of leadership, organizational structure, and process ensuring that IT organization supports and expands the organizational strategies and goals is required. When the business supports the strategic significance of IT investment, the implementation of an IT strategy will lead to the adoption of an IT governance model. It will support and help the description of the benefit roles and responsibilities from IT systems and infrastructure. This paper aims to develop a business process monitoring system to support IT governance in improving user service and measuring organizational performance. The research method was the system development method with the Waterfall model. To measure the performance of the business process, the self-assessment method with performance matrix tools was applied. The study resulted in a business process monitoring system that can enhance the organization’s primary business process in services, supporting the said organization’s performance.
An Overview of methods used in Future Studies or Strategic Foresight enabling Organisations to engage in effective Forward Planning.
Document prepared and disseminated by Stratserv Consultancy
A guide to deal with uncertainties in software project managementijcsit
Various project management approaches do not consider the impact that uncertainties have on the project.
The identified threats by uncertainty in a projec day-to-day are real and immediate and the expectations in
a project are often high. The project manager faces a dilemma: decisions must be made in the present
about future situations which are inherently uncertain. The use of uncertainty management in project can
be a determining factor for the project success. This paper presents a systematic review about uncertainties
management in software projects and a guide is proposed based on the review. It aims to present the best
practices to manage uncertainties in software projects in a structured way including techniques and
strategies to uncertainties containment.
Balanced Scorecard IT Strategy and Project ManagementGlen Alleman
IT projects rarely have a 1st order impact on financial results. Their impact us usually a 2nd or 3rd order. Tracing this impact is part of IT strategy. Delivering this impact is execution
It is difficult to overstate the importance of governance to SOA initiatives, whether in the context of service governance (i.e. governing the lifecycle of services from creation through deployment) or the broader issues of IT governance (commonly defined as specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT). This session presents a holistic discussion of governance with SOA. It outlines the key policies that organizations should consider with regards to finance, portfolios, operations, architecture, technology, projects and people. It will also outline six successful steps to governance with SOA, as part of the decisions, processes and policies that contribute to successful business and SOA objectives. The presenters will address, how as part of the execution of an SOA strategy, organizations should put together a SOA Roadmap. Also discussed is how organizations need to govern the execution of the SOA Roadmap to ensure delivery of all SOA and business objectives.
An Accountability Framework would allow for goal directed expenditure, result-based performance monitoring, re-defined roles and responsibilities, synergistic alignment of resources, transparent reporting and data management, as well as mutual consensus on pre-determined consequences for falling short of articulated targets.
The Changing Landscape of Project Management in 2018Richard Kok
The Project Management landscape is changing and so are the skills required to be a good project manager. Structured and progressive skills are intermingled and hybrid methodologies are common place these days.
Business process monitoring system in supporting information technology gover...journalBEEI
Information technology (IT) is essential in supporting an organization's business sustainability and growth, making it critically dependent on IT. Therefore, a focus on IT governance, consisting of leadership, organizational structure, and process ensuring that IT organization supports and expands the organizational strategies and goals is required. When the business supports the strategic significance of IT investment, the implementation of an IT strategy will lead to the adoption of an IT governance model. It will support and help the description of the benefit roles and responsibilities from IT systems and infrastructure. This paper aims to develop a business process monitoring system to support IT governance in improving user service and measuring organizational performance. The research method was the system development method with the Waterfall model. To measure the performance of the business process, the self-assessment method with performance matrix tools was applied. The study resulted in a business process monitoring system that can enhance the organization’s primary business process in services, supporting the said organization’s performance.
An Overview of methods used in Future Studies or Strategic Foresight enabling Organisations to engage in effective Forward Planning.
Document prepared and disseminated by Stratserv Consultancy
A guide to deal with uncertainties in software project managementijcsit
Various project management approaches do not consider the impact that uncertainties have on the project.
The identified threats by uncertainty in a projec day-to-day are real and immediate and the expectations in
a project are often high. The project manager faces a dilemma: decisions must be made in the present
about future situations which are inherently uncertain. The use of uncertainty management in project can
be a determining factor for the project success. This paper presents a systematic review about uncertainties
management in software projects and a guide is proposed based on the review. It aims to present the best
practices to manage uncertainties in software projects in a structured way including techniques and
strategies to uncertainties containment.
A systematic review of uncertainties inijseajournal
It is no secret that many projects fail, regardless of the business sector, software projects are notoriously
disaster victims, not necessarily because of technological failure, but more often due to their uncertainties.
The threats identified by uncertainty in day-to-day of a project are real and immediate and the stakes in a
project are often high. This paper presents a systematic review about software project management
uncertainties. It helps to identify the difficulties and the actions that can minimize the uncertainties effects
in the projects and how managers and teams can prepare themselves for the challenges of their projects
scenario, with the aim of contributing to the improvement of project management in organizations as well
as contributing to project success.
Foresight; The Springboard to maintaining pace and achieving successChiomaChigozieOkwum
Foresight is a veritable ingredient for maintaining competitive advantage in a highly competitive world. The presentation showcases the strengths in deploying foresight for assured growth.
Running Head CURRENT TECHNIQUES IMPLEMENTED IN CONSTRUCTION INDUS.docxhealdkathaleen
Running Head: CURRENT TECHNIQUES IMPLEMENTED IN CONSTRUCTION INDUSTRY TO ELIMINATE SECURITY RISKS 2
CURRENT TECHNIQUES IMPLEMENTED IN CONSTRUCTION INDUSTRY TO ELIMINATE SECURITY RISKS 2
Current Techniques Implemented in the Construction Industry to Eliminate Security Risks
Group 4
Balaram Chekuri
Laxmi Sravani Vallurpallis
Mohan Kadali
Shivasai Pabba
Vaagdevi Jali
University of the Cumberlands
ITS835-41 Enterprise Risk Management
Residency Assignment Research Paper
Professor Dr. James C. Hyatt
10/20/2019
Statement of the Problem and it is Setting
Risk management has been one of the breakthroughs for the modern world, and at the same one of the intellectual achievements is the identification, transformation, or risk and going from a world that described risk as fate to a world that looks at risk as an area of study. Risk management is the utilization of risk analysis to come up with management strategies used to reduce risk. Whereby generally in project management there are the two techniques categories qualitative; that involves impact and probability assessment, expected value calculations and influence diagrams and quantitative; that typically focuses on the overall risk which is managed more with numerical approach, and has techniques such as decision trees, Monte Carlo analysis and sensitivity analysis (McNeil et al. 2015). In various fields, there is enormous risk faced, and at the same time, there is a corresponding quantitative technique that can be used to address the risk. The focus is on the quantitative risk management techniques; they are based on scientific, mathematical and statistical background, that promise to give thorough and detailed management and quantification of risk that is imperative for designing the response (Teixeira et al. 2015).
This paper, based on the construction industry, provides an overview of the analytic overview of different quantitative risk analysis techniques. There is a focus on building on the existing quantitative techniques that are best for the construction industry around the world when it comes to utilizing relevant techniques after a qualitative risk analysis. In addition to this, there is looking further into the techniques and their details.
Guiding Questions
· Does Your Risk Management Process Address Root Cause of Failure?
· Are there gaps in this field?
· What Does Your Business Performance Tell You About Risk?
· What Do Controls Tell You About Your Risks?
· The main focus is looking at the practitioners and researchers looking: at the reason why they should simplify the existing techniques?
· Which, at the same looks at the research gaps in this field and propose areas of further research for project risk management in construction, which will improve the existing techniques.
Assumptions
Project Risk manage ...
Risk-based Monitoring Strategies for Improved Clinical Trial PerformanceCognizant
To address draft regulatory guidance for risk-based clinical trial monitoring, sponsors should consider strategies that utilize social, mobile, analytics and cloud technologies to create responsive methodologies that satisfy both the spirit and the letter of these new guidelines.
• Social environment is very comprehensive because it may include the total social factors within which an organization operates.
• The culture within a society, consists of the cultivated behavior of individuals in that society.
• This factor includes people’s attitude to work, health, marriage, religion, education, ethical issues, social responsibility business, etc.
• From business point of view, social environment may include expectations of society from business, attitudes of society towards business and its management, views towards achievement of work, views towards customs, traditional and conventions, level of education, etc.
• “The forces, factors and institutions with which the businessman has to deal with to achieve its objectives”.
• It is the surrounding in which the business exists.
• Whenever any businessman is operating or working then he has to interact with the customers, suppliers and he has to perform the transactions within the rules and regulations of the government.
• Environment means the surroundings, external objects, influences or circumstances under which someone or something exits.
• 1. Events are important and specific occurrences taking place in different environmental sectors.
• 2. Trends are the general tendencies or the courses of action along which events take place.
• 3. Issues are the current concerns that arise in response to events and treats.
• 4. Expectations are the demands made by interested groups in the light of their concern for issues.
Measuring the impact of integrated systems research
Panel Speakers: Vincent Gitz, Natalia Estrada Estrada Carmona, Monica Biradavolu and Karl Hughes. Measuring the Impact of Integrated Systems Research (September 27, 2021 – September 30, 2021). Three-day virtual workshop co hosted by the CGIAR Research Programs on Water Land and Ecosystems (WLE); Forests, Trees and Agroforestry (FTA); Policies, Institutions, and Markets (PIM); and SPIA, the Standing Panel on Impact Assessment of the CGIAR. The workshop took stock of existing and new methodological developments of monitoring, evaluation and impact assessment work, and discussed which are suitable to evaluate and assess complex, integrated systems research.
Workshop proceedings of "Identifying contextualized indicators to measure SDGs"4th Wheel Social Impact
Keeping social impact management at the centre, 4th Wheel Social Impact is committed to strengthening social programs in India by improving the way they are designed, implemented, monitored and evaluated. The organization believes the integration of data, technology and partnerships will enable the achievement of the Sustainable Development Goals (SDGs).
The workshop focussed on Theory of Change, Indicator Development, SDG linkages of indicators.
This workshop was supported by Swedish Institute.
Open Digital Architecture (ODA) is a blueprint for modular, cloud-based, open digital platforms that can be orchestrated using AI.
Designed to support our industry into the cloud native era, ODA sets the framework required
for CSPs to invest in IT, transforming business agility and operations by creating simpler IT and network solutions that are easier and cheaper to deploy, integrate and upgrade. Enabling growth, profitability and a cutting-edge customer experience.
A simple Small to Medium Enterprise Cybersecurity approach with minimal cost for Enterprise `security Architecture implementation with technologies proposed
Control physical and logical access to assets, Manage identification and authentication of people and devices, Integrate identity as a service (e.g., cloud identity),
Integrate third-party identity services (e.g., on-premise), Implement and manage authorization mechanisms, Prevent or mitigate access control attacks, Manage the identity and access provisioning life cycle (e.g., provisioning, review)
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
2. 1. INTRODUCTION
2. STOCK TAKING
3. METHODS AND FRAMEWORKS
4. SELECTION CRITERIA
5. BEST PRACTICES
6. APPLICATION USE CASES
7. CONCLUSION & NEXT STEPS
3.
4. Foresight is a complex, multi-stage, ideally ongoing process,
the ultimate aim of which is informed decision-making with
regard to securing strategic plans for possibly diverse future
developments.
Foresight is still evolving and changing today.
That is largely because it is action-oriented, and therefore has
tangible results;
it is open, meaning there is freedom within foresight to think
outside of the box or to reshape previous notions;
lastly it is participatory and multidisciplinary – foresight
brings together diverse groups that have expertise in a wide
range of topics, thus providing more realistic and thoughtful
possible futures.
5. “Foresight is neither prophecy nor prediction. It does not aim to predict the future – to unveil it
as if it were predetermined – but to help us build it.” – EU Foresight Platform
Foresight Overview
6. FACILITATION OF
STAKEHOLDER
RELATIONSHIPS
CAPABILITY
ENHANCEMENT
KNOWLEDGE
GENERATION
Three main benefits of Foresight:
Knowledge helps individual stakeholders best
position themselves for future developments;
with knowledge, they can see beyond the fallacy
that the future will look much like the present
and imagine leading-edge futures (Wilkinson,
2013). The process of developing this knowledge
and insight increases connections between
stakeholders, thus strengthening related
networks – in this case the cybersecurity
community. Finally, foresight can contribute to
capability enhancement, during which
organizational and stakeholder capabilities may
be prioritized based on the findings of the
foresight activity. This information is critical for
identifying and enabling the development and
acquisition of key skills, policies, and
technologies.
7. 1. OBJECTIVES AND SCOPE
To adequately address future cybersecurity threats and to shape a more secure
society.
By fostering the ability to understand potential futures, will be able to better shape
the cybersecurity ecosystem to address and manage emerging and future challenges.
This project aims to deliver an exemplary structured foresight framework
(comprised of a selected set of foresight methods applied to representative use cases)
for generating trend outlooks, scenarios and perspectives on the future to identify
and address emerging and future cybersecurity challenges.
The framework or sets of methods recommended must be suitable for the range
activities including strategic long-term planning, research agenda setting, threat
landscape evaluation, and formation of future policy priorities.
It is therefore required that the framework be flexible and easily adapted to each
context and environment.
This report is not intended to be a comprehensive overview of all foresight methods
available, but rather aims to highlight the most relevant methods – based on
ubiquity or suitability to ENISA’s core foresight needs.
8. 2. STRUCTURE OF THE REPORT
The report reflects the progression and outcomes of the research study and is structured as
follows:
9.
10. 1. OVERVIEW
To develop this framework, ENISA conducted a thorough literature
review to explore a broad range of information on foresight, with a
focus on methods, tools and applications that could be relevant for
ENISA
2. STAKEHOLDER ANALYSIS
The experts interviewed as a part of this project represent a diverse
group of individuals.
11.
12. 1. INTRODUCTION
Each foresight activity begins with the identification of scope, objectives,
and stakeholders – this step is a critical success factor.
Depending on the aim of the foresight project, (and factors such as the
point in time to be analysed (time horizon), field of application, scope of
the project, available resources (human, time, financial), ability to shape
future evolutions), a specific set of methods is selected to best fit the
specified project.
A foresight exercise requires thoughtful preparation, involvement of the
stakeholders and participants, constant monitoring, skilful management,
and continuous adaptation.
For a comprehensive description of the entire foresight process and
overview of foresight methods, we refer the interested reader to the
European Foresight Platform,13 a very useful resource and reference.
EUROPEAN FORESIGHT PLATFORM - http://www.foresight-
platform.eu/
13. FUTURE HANDLING
The project or method’s approach can be either “responsive”, meaning to devise strategies to react to
possible events, or “normative”, to design a future (that can be desirable or undesirable) and then take
steps to impact that chosen future.
FORESIGHT INTENTIONS
14. 2. OVERVIEW OF SELECTED METHODS AND FRAMEWORKS
Both cybersecurity and foresight benefit from a diverse and interdisciplinary environment. For
this reason, it is often wise to integrate frameworks from other fields. We believe that the
guidelines, practices, approaches, methods and tools of both systems thinking and user-
centred design can be key to establishing the right mindset when approaching fore sighting in
the field of cybersecurity.
User-Centred Design offers a set of guidelines and tools that focus on the human factor in
business and technological implementations, helping to better define and design interactive
systems and organizations. The framework makes extensive use of immersive analysis and
empathy exercises, providing a window into the thoughts, aspirations, desires, needs and
actions of the human actors.
The framework of Systems Thinking, on the other hand, allows us to “see the forest through
the trees.”17 82 This phrase distils the essence and objective of the framework: to enable its
practitioners to identify, observe, analyse and shape systems, as well as the relationship
dynamics between its elements.
Both frameworks may provide a foundational aspect of a foresight project and support the
development of a point of view or mindset.
15. 3. METHOD CATEGORISATION
To better illustrate the range of methods, the relevant methods, frameworks, and tools have been
grouped into six categories driven by the stocktaking phase of this project. Not all methods listed
can be considered explicit to foresight – we have also included strategic planning methods and
problem-solving techniques that are often integrated into foresight activities.
Likewise, cybersecurity analysis methods are also included here to provide an overview of relevant
approaches for foresight in cybersecurity. These methods and techniques are not used in traditional
foresight but may be applied if they support the objectives of the foresight activity. For that reason,
a selection of methods is included in this report for future reference.
Selection of methods used in foresight
16. A. ENVIRONMENTAL SCANNING / ANALYSIS FRAMEWORK
Environmental analysis frameworks enable the user to systematically explore
a chosen environment, with the goal of detecting weak signals of incoming
change that could significantly impact the future.
These methods provide a structured and analytical view of the current
situation in order to create common understanding. This category of methods
usually draws upon the diagnostic intention.
There are different techniques to scan the environment including, for example:
1. STEEP–framework to analyse Socio-cultural, Technological, Economic, Environmental and
Political factors of a particular arena.
2. PESTLE–frameworktoanalysePolitical,Economic,Socio-cultural,Technological, Legal and
Environmental factors of a particular arena.
3. SWOT–frameworktoidentifyandanalysetheStrengths,Weaknesses,Opportunities, and
Threats for a particular topic or entity.
17. B. TREND ANALYSIS
A trend is defined as a tendency of a development over time, or an emerging pattern of
change that commonly influences large social groups. Trend analysis methods usually
serve prognostic or diagnostic intentions.
Trends can be analysed in many ways – for instance, by means of literature reviews,
bibliometrics, text-mining, patent analyses, and trend impact analyses, among others.
These methods identify current or emerging trends and typically explore the cause,
potential impact, probability, and speed of occurrence of those trends.
Further methods used to analyse trends include:
1. Causal Layered Analysis–Supports the identification of driving forces by gaining insight
into participants’ perceptions such as world views, values, and cultural norms
2. Trend Radars–provides across-industry view of emerging and already existing trends
within the target environment
3. Trend Impact Analysis – analysis of the impact of one or more possible events on the
extrapolation of a trend into the future.
4. Horizon Scanning–Systematic monitoring of current trends as well as the identification of
new, relevant developments in a particular area through a creative process of collective
sense-making.
18. C. EXPERT GROUP FORESIGHT
Expert group foresight covers a variety of methods, where a group (or a crowd) of participants provides
input on the issue under study.
The best-known members of the expert group foresight family are the Delphi method and expert panels.
In both, experts share their insights about the future. The Delphi method however involves a more
structured communication method to elicit answers from experts.
Experts are usually involved to support a foresight project with its prognostic or prescriptive intentions.
Delphi is an explorative method based on a structured and iterative group communication between
subject matter experts expressing judgements on the chosen topic.
In the first sequence, various experts in a particular field are surveyed separately about a specific topic
or question.
Afterwards, their anonymized contributions are collected, and experts are asked to provide feedback to
the collected insights.
To reach a consensus, this process would be repeated multiple times.
This approach helps to avoid groupthink and therefore tends to generate more creative ideas from a
variety of perspectives.
19. C. EXPERT GROUP FORESIGHT
The entire process can be conducted remotely, which makes it easier to
engage a more diverse expert group from all over the world.
This method can be time-consuming, especially when there are multiple
iterations.
Japan’s National Institute of Science and Technology Policy (NISTEP)
conducts foresight exercises approximately every five years, most of which
rely on a large Delphi study with approximately 2000 participants.
Other examples of expert group-based methods include:
Aggregated Judgements/Group-based Forecast–logically combines multiple individual
judgements into consistent and collective judgements.
Key Technology Study(Technology Forecasting)–applies sets of criteria to critical
technological developments in order to enable informed assessments
Note that there are also crowd or participatory foresight methods, in which
inputs are solicited from non-experts.
20. D. Scenario Methods
Scenario methods are some of the most used and well-known
prognostic methods in foresight. They are used as exploratory tools to
think about possible, desired or undesired futures rather than to
predict a single future in detail. These methods can also be used to
simulate and test various solutions prior to determining an optimal
strategy. Usually, more than one possible future is explored to support
decision-making that avoids potential challenges and pitfalls.
Scenario generation is typically preceded by a diagnostic phase that
allows for the informed consideration of key factors that can impact
the future of the issue at hand. Thinking about multiple possible
futures raises awareness of various factors that may affect the future;
this knowledge enables the development of more flexible, future-proof,
adaptive strategies.
21. D. Scenario Methods
Scenarios can be approached with various methods, for example:
1. Gaming
a. devising games or roleplay scenarios to test possible strategies or
solutions by identifying possible reactions to and consequences of
their implementation.
2. Visioning
a. Looking to the ideal future to create a strategy to achieve specific
goals.
3. Cross Impact Analysis
a. evaluates the likelihood of specific future events occurring by
assessing probability of other events occurring and then exploring
their mutual relationship.
22. E. Morphological Analysis and Backcasting
This category covers methods that are not typically associated but share the same two
characteristics - a prescriptive foresight intention and focus on event regression and
system decomposition.
Regression analysis in foresight follows a similar approach to statistical regression
analysis.
However, regression analysis in foresight works with qualitative data and subjective
opinion, as opposed to quantitative methods to identify events and event triggers that
may lead to a predicted future event.
Decomposition, on the other hand, seeks to break down complex systems into smaller
parts to facilitate analysis of its components, the dynamics governing the interaction of
components and the effect they have on the system.
Morphological Analysis is a creative, heuristic, normative method that supports the exploration
of complex problems and possible solutions using a multi-dimensional matrix. It is a time-
consuming group exercise that requires facilitation.
Backcasting is another normative method that centres a selected scenario of a desirable (or
undesirable) future. The participants then move backwards in time to identify the decisions or
events that need to take place to transform that selected scenario into reality. Through
backcasting, organizations can plan which actions they should take and evaluate potential
consequences. It raises awareness of the fact that the future is determined by many
factors and that different actions lead to various alternative outcomes.
23. E. Morphological Analysis and Backcasting
Threatcasting is a multi-stage method that involves envisioning an unwanted
future, then reconstructing steps and decisions that need to be taken to prevent
that future from occurring.
It was designed primarily for analysing military futures. Threatcasting combines
many foresight methods including Delphi, science fiction prototyping, backcasting,
and scenario modelling.
This method has a defined time horizon – each activity is designed to look forward 10
years into the future.
Other methods included in this category are:
1. Technology Sequence Analysis – generates probable timelines for technology
releases by analysing estimates of the time required for intermediate technical
steps
2. Roadmapping–produces a document that defines the steps and milestones
necessary to obtain a desired future
3. Multi-criteria Analysis–compares possible identified solutions against a weighted
set of assessment criteria.
4. Synectics – promotes new and creative ways of thinking by, for example, imagining
24. F. Cybersecurity Analysis Methods
As a discipline, cybersecurity often assesses risk and potential future
threats, incidents and crisis scenarios.
These methods are all variations of risk assessment techniques.
Each is slightly different in terms of focus (e.g., on the threat actor or
on visualization) but all aim towards identifying and prioritizing risk
and subsequently responding to that risk.
The methods in this category can be used for diagnosis, prognosis, or
prescription.
25. F. Cybersecurity Analysis Methods
Below are a few well-established methods for risk analysis and threat
modelling.
1. Threat Agent Risk Assessment (TARA)
a. a threat-based risk assessment method used to identify, assess, and prioritise
risks. It takes threat actors, their motivations, and possible methods into account.
2. Operationally Critical Threat, Asset, and Vulnerability Evaluation(OCTAVE)
a. a comprehensive evaluation method to identify, rank, and manage cybersecurity
risks.
3. Threat Modelling
a. A conceptual analysis technique used for identifying potential vulnerabilities and
developing measures in the early stages of application or service development.
b. There are many frameworks and methods for threat modelling, one such method
is Attack Trees. Attack Trees support the formulation of trees of possible
techniques that may help an attacker achieve their objectives.
26.
27. The first step of any foresight activity is scoping; during this phase the person or group
responsible for the activity defines key objectives and reviews the context of the activity.
Once completed, they may consider the following key criteria to narrow down the choice of
foresight methods, tools, and/or frameworks.
1. Target outcomes and deliverables – which methods, tools, and/or frameworks will most likely
produce the required effects on stakeholders? Which will most likely produce the deliverables
expected from the foresight activity?
2. Foresight intention – Consider the foresight intentions described in 3.1 for each step of the planned
activity. Is the objective to diagnose a current state, or to prognose or prescribe a future state? The
selection of methods must be based on suitability to the underlying objectives of the foresight
activity.
3. Future handling approach – Should your activity be more responsive or normative? Is the objective
to prepare to respond to events or shape futures?
4. Time horizon – The time horizon is the point in the future that targeted by the foresight activity.
Which methods, tools, and/or frameworks can be implemented to diagnose or prognose events, or
prescribe handling options, for the fixed point in time which will be evaluated during the activity?
5. Activity timeframe – Which methods can be completed within the time line set for the execution of
the foresight activity? Are there tools or frameworks that could support the on-track and timely
execution of the activity?
6. Required resources/skills – What access does the project have to administrative support, data
available on the subject, expert participants, financial resources, etc.?
28. Multiple experts emphasized that the choice of method highly depends on the context
of the exercise, including the following more abstract criteria:
1. Clarity of desired outcomes – Any ambiguity towards desired outcomes must be clearly
addressed before method selection. The methods that are applied must help produce outcomes
that are useful and usable for the project’s key stakeholders.
2. Participant Group – All methods must consider the unique characteristics of the participant
group; they should enable maximum engagement, capacity for creative thinking, and
transparent communication. If the participants are already known to the organizer, key factors
to analyse include existing or expected group dynamics, personalities, roles, and areas of
interest.
3. Publicity–If one goal of the foresight activity is to generate publicity, scenario modelling
techniques are usually favoured because they are the most attention- grabbing and easiest to
describe. However, the findings of the activity may be misrepresented by the press, which may
undermine the diplomatic process or other relationships with stakeholders. These facets
should be evaluated for each foresight activity.
4. Experience – Experts from the Working Group stated that when they use methods they are
familiar with (as opposed to methods unfamiliar to them), the activities progress more
smoothly and tend to generate more dynamism and interaction. Nonetheless, the benefits that
the facilitator may gain from familiarity should be secondary to selecting methods that support
the objectives of the exercise.
34. 1. TOOLS
Not quite at the level of a method, tools are supporting frameworks or platforms that aid
the application of foresight methods.
This section provides a non-exhaustive overview of the types of tools available.
While some are efforts to “digitalise” foresight, others simply enhance the in- person
foresight experience. When selecting tools for a specific foresight activity, we recommend
reviewing other possible sources as there are some tools designed for a specific audience or
context.
a) Workshop Facilitation Tools
These tools and techniques are often used by workshop facilitators to ease communication in
workshops or to elicit creative ideas from participants. Some well-known examples are:
i. Brainstorming,whereparticipantsareencouragedtogeneratelargeamountofraw, spontaneous ideas,
while getting inspired by the ideas of other participants, without being subjected to immediate
judgement.
ii. WorldCafé,wherealargegroupofparticipantscandiscussvariousquestionsina structured way, in
rounds, within smaller groups, and note down their ideas on large sheet of paper for the
remaining groups to see and serve as reference.
iii. Mindmapping,atechniqueofgraphicfacilitationtohelpvisuallyorganizecollected information.
35. 1. TOOLS
a) Workshop Facilitation Tools
iv. Artificial Intelligence (AI)-Based Tools
AI-based tools may assist foresight activities like assessment of the current environment, trend analysis, or trend
extrapolation. While not ubiquitous, these tools are now often integrated into the foresight process.68
AI software can be especially helpful for text-mining and analysing large datasets, for instance to identify terms
and phrases possibly indicative of emerging or future trends or to support a literature review. Natural Language
Processing is typically used for these activities.
AI-based tools may also support the selection of scenarios.
v. Collaboration Tools & Foresight / Trend Databases
To better facilitate foresight exercises, many experts recommend the use of collaboration tools (such as digital
whiteboards and note-taking apps), as well as research databases for desktop research and trend recognition. It is
important to note that within the expert community existing radar databases and foresight information sources are
not always trusted. These sources rarely publish details on the information gathering and preparation process,
therefore the experts interviewed typically rely on their own research or primary sources to determine trend-related
information.
vi. Conferencing Tools
Conferencing tools are often used to involve participants from various geographic regions. They are extremely
helpful for bringing together a diverse group of participants. However, we hypothesize that there is also a downside
to using these tools. Participants may be less able to fully devote their attention to online meetings (as opposed to
in-person workshops) due to the reduced interactivity of remote workshops and the fact that some individuals may
be tempted to multitask or to join other meetings. Additionally, there may be varying levels of digital literacy within
a group – due to a lack of technical skills and familiarity, some participants may not be able to fully and confidently
participate while using a conferencing tool.
36.
37. 1. SUMMARY OF BEST PRACTICES
a. Scoping & Administration
i. Scoping is a critical step in the foresight process
ii. In the initial scoping phase, the organizer begins to define objectives, foresight intention, time
horizon, future handling approach, timeframe, required resources, etc.
iii. It is important to ensure that the objectives can be reached with the provided budget and resources.
iv. In this stage of the project, the objectives of the activity should be well-defined (e.g., desired outcome,
target audience, time horizon, stakeholders, key deliverables, communication and dissemination,
etc.).
v. It is also helpful to define objectives for each method or workshop - e.g., define a question for each
STEEP factor.
vi. In order to ensure maximum engagement, consider participant availability and key organizational
or environmental milestones.
vii. Furthermore, if the results of the foresight activity need to be provided to a key decision-maker,
ensure that the findings can be delivered prior to major strategic meetings or events.
viii. Finally, given that many foresight activities are regularly repeated, it is important to review results
throughout the foresight project and at its conclusion.
ix. This provides an opportunity to learn how to improve future foresight activities.
38. 1. SUMMARY OF BEST PRACTICES
b. Method Selection
i. Since foresight activities rarely have straightforward goals or standardised outcomes, methods
cannot be applied “out-of-the-box”.
ii. Often, the methods to be used for an activity must be adapted to the goal and the scope of the
activity, the context of the challenge, and even the participants involved.
iii. Foresight experts often see methods more as a frame of reference, which helps them to structure the
activities.
iv. Experts noted that creating a logical flow or frame for each foresight exercise, such as Design
Thinking, helps to focus on outcomes and to deliver a clear and concise plan.
v. The frame may take the form of a modular building block approach, in which a variety of smaller
blocks, each with a different focus (and method) are selected.
39. 1. SUMMARY OF BEST PRACTICES
b. Method Selection
vi. The methods mentioned in the example frame below demonstrate the range of possible methods - from
foresight-specific (threat casting) to more generic (role play). Frames can be grounded in existing
frameworks or be simple process flows, like this illustrative one:
understanding today (e.g., stakeholder or agent mapping/analysis, PESTLE71),
Detecting and defining changes(e.g. weak signals, trend analysis),
articulating visions and futures into a coherent scenario(e.g. through scenario modelling: stories, visuals, roleplays)
and
analysing this future (e.g., threat casting, scenario analysis, SWOT) to prepare recommendations.
In a well-designed foresight project, methods are carefully selected to form a diverse composition
that best serves the objectives of the particular project and its participants.
By using a frame, the objectives are well-defined, but the methods can be easily switched out as
needed.
The use of several methods allows for a range of topics to be addressed and increases the likelihood
that each participant will provide pertinent input, thus eliciting the best outcomes for a foresight
project.
40. 1. SUMMARY OF BEST PRACTICES
c. Duration of Foresight Projects
i. The length of foresight activities is very versatile.
ii. They tend to span from four weeks up to one year and in some cases longer than a year.
iii. These longer-term activities are often used for continuous strategic planning but are less active and
intense than shorter exercises.
iv. Long-term foresight is often assigned to a specific organizational role that is tasked with staying on top
of new trends and deriving useful conclusions from that research.
v. In these cases, work would also likely be divided into smaller, time-bound exercises.
vi. The main driver of this increase in granularity or quality of scenarios over time is introspective
activity.
vii. Typically, a participant’s capacity to understand the underlying systemic structure and possible
evolutions or emergences increases over time;
viii. therefore, participants must be given sufficient time for introspection in order to ensure high-quality
results.
ix. A high level of granularity is often difficult to achieve in foresight activities, particularly for public
sector actors, as scoping is particularly challenging at a national or regional level.
x. It is however possible to create valuable foresight results in a shorter time period.
xi. For example, in a crisis preparedness or response scenario, foresight can support a quick turnaround of
actionable information; it will just not be as detailed as projects with more time and resources.
41. 1. SUMMARY OF BEST PRACTICES
d. Participant Selection and Engagement
i. If possible, it is critical to ensure the involvement of the project’s key stakeholders (e.g., the Head of
Strategy) throughout the entire foresight process, including in smaller workshops.
ii. Delivering reports and outcomes at the end of the exercise is not as impactful for the readers as direct
participation. In such a case, the findings of the exercise are less likely to be acted upon.
iii. To ensure high-quality, well-rounded outcomes, a diverse group of individuals should be selected for
participation.
iv. Diversity in this context will depend on the topic being analysed but may cover expertise, political
affiliation, national origin or nationality, race, social class, gender, organizational role, age, etc. Ideally, all
affected populations should be involved and represented in a foresight exercise.
v. Beyond the diversity of the group, it is also recommended to evaluate group dynamics when selecting
participants.
vi. Characteristics that may be important to consider are shyness, ability to tolerate imperfection or lack of
clarity, ability to express oneself in a group, power dynamics, etc.
vii. Consideration of this factor helps to ensure that the exercise remains productive and maximizes the
engagement of all participants.
viii. It may furthermore be beneficial to include generalists with a broad range of expertise as participants, as
they can more easily provide a variety of perspectives.
ix. Likewise, it is often very important to include a participant with a strong legal background that can
support the group in understanding the present, and likely future, legal constraints.
42. 1. SUMMARY OF BEST PRACTICES
e. Communication & Engagement
i. Prior to the exercise, participants should be provided information such as: the goals of the exercise, the
purpose of foresight (both in general and for the specific situation), the major components of the chosen
method(s), and background on the specific topic, including any commonly used terminology that is
crucial to the project (e.g., cybersecurity terms). If possible, the participants should be involved at the
beginning of the activity in order to actively participate in shaping the project.
ii. When communicating with a group of participants with varying areas of expertise, it has proven
helpful to focus on outcomes over approach.
iii. Foresight is very rarely a person’s full-time occupation, hence the need to provide the essential
information without going into any unnecessary detail.
iv. By giving participants a clear understanding of their role in the overall project, the exercise leaders
are better able to manage any false assumptions and encourage a more unified participant group.
43. 1. SUMMARY OF BEST PRACTICES
f. Time Horizon
i. Time horizon, the time frame a foresight activity aims to analyse, may be classified as short-term or emerging
(0-5 years), mid-term (5-10 years), or long-term (10+ years).
ii. Definitions for time horizons do not always break down into these neat categories; we have adopted this
categorization for the sake of clarity.
iii. The choice of time horizon depends primarily on:
The specific use case(e.g. climate change vs new technology)
Target objective(e.g. create a strategic plan, prepare response options)
industry(fastmoving(tech)vs long-term thinking(infrastructure))
External factors(e.g. what is commonly Reported on at your organization) and
organizational or regional culture (are the participants accustomed to future-oriented thinking?).
iv. The choice of time horizon should be tailored to each individual activity; nonetheless there are some notable
characteristics for each time horizon to take into consideration.
v. While working with short-term time horizons, exercise participants tend to envision the future much like a
simple linear extension of the present, and often have a hard time stepping outside of their own cognitive
biases to envision futures different from the present (or commonly held expectations of the future.)
vi. Long-term horizons allow people to free up their minds, but the plausible futures are very complex and
speculative, as many factors need to be evaluated and weighed against one another. There is also often a lack
of reliable data sources to support the participants’ understanding of the distant future.
vii. Long-term time horizons are often used to move towards specific objectives – defining short- term responses
that are likely to result in the intended consequence.
44. 2. SUMMARY OF CHALLENGES AND PITFALLS
a. Data Quality and Quantity
i. Accurate data may facilitate more reliable foresight results.
ii. Nonetheless, data is always backward-looking; any conclusions drawn from historical data should be
evaluated for applicability to the future.
iii. In many cases there is a surplus of data, an analysis of which would overextend available resources
and overwhelm the participants with data that is still, after all, from the past.
iv. Too much data may also restrict participants in their ability to participate creatively in the foresight
workshops.
v. Other times, the data is either insufficient, or what is available is unstructured, or potentially
unreliable.
vi. In some technology-focused foresight activities, the participants’ ability to consider ongoing
innovations is limited due to lack of available information (often driven by concerns of intellectual
property theft.)
vii. While this is to be expected, it can also negatively impact the outcomes of an activity.
viii. Moreover, one expert in the Working Group outlined four types of counterfactual information that
may affect data reliability: gossip or rumours, fake news, rewriting of historical events, and frozen
conflicts.
ix. These in turn often affect foresight exercises by warping the quality of the information and render
fact-based consensus unlikely.
45. 2. SUMMARY OF CHALLENGES AND PITFALLS
b. Participant Engagement
i. Regardless of how carefully participant groups are selected, there are often cases when chosen
individuals do not fully participate in exercises or questionnaires.
ii. It is also difficult to get some participants to open up, think outside of the box, and embrace
imperfection – all of which are critical for successful foresight activities.
iii. As mentioned above, however, these challenges may be minimized by clear presentation of the
ultimate objectives and context of the exercise.
c. Cybersecurity-specific Challenges
i. Cybersecurity-specific foresight tends to focus heavily on specific technology and operational
measures, limiting the ability to see strategically across the environment.
ii. Likewise, “game- changing innovations” are rarely easy to predict, but pivotal for assessing emerging
and future cybersecurity threats.
iii. This is further complicated by the often confidential nature of the cybersecurity industry; experts
may face a conflict of interest when supporting foresight activities.
iv. The current shortage of cybersecurity professionals may also be a challenge when planning and
performing a foresight activity.
46.
47. This section presents optional roadmaps for seven use cases identified by
ENISA.
The use cases represent a sample of how ENISA may apply foresight in
the future. As mentioned in previous sections, the design of a foresight
activity must reflect the reality of the contextual situation, resources,
participants, etc.
The processes proposed in this chapter are intended as a guide – in
practice, the methods may need to be switched out or workshops added,
for example.
The use cases approaches described in the following chapter include:
1. Identification of future and emerging challenges
2. Strategic decision-making development
3. Evolution of threat landscape
4. Needs and priorities for cybersecurity R&D
5. Evolution of operational cooperation
6. Identification of future policy priorities
7. Disruptive events
48. 1. OPERATIONAL
CONTEXT
To better understand how foresight would
be applied within ENISA, we held a
workshop to identify major functions that
would benefit from foresight.
As a result, we mapped out a high-level
structure of how foresight findings would
flow between key functions within ENISA.
This helped to identify dependencies
between the use cases.
While ENISA’s work is more of a continuous
cycle, this depiction shows how the
identification of emerging challenges and
threats supports many activities such as
strategy development, prioritizing research
topics, and preparing recommendations for
stakeholders.
The use cases defined for each phase build
upon one another, to maintain a continuous
and sustainable information flow between
organizational units and functions.
The use cases defined under each phase of
the process are indicative - the activities
and the deliverables are subject to ENISA’s
standard operating model and procedures,
as well as the CSA (Cybersecurity Act), the
main regulation that defines the mandate of
ENISA.
Understanding of ENISA’s
Operational Context
49. 2. OVERARCHING COMPONENTS AND CONSIDERATIONS
Inception Phase & Scoping: Each activity must begin with the identification of
scope, objectives, and stakeholders – it is critical to the success of the activity.
Define the scope of the exercise(including contextual information such as the pertinent
industry or EU scope).
Identify and involve all stakeholders as early in the process as is possible.
Expert Working Groups take time to put together (estimated min. 2 months), and many
internal stakeholders may need to participate in multiple foresight activities.
Engaging with Participants: As these use cases often take place over a year,
there is a chance that the participants will lose focus and interest in the
activity.
We recommend either maintaining frequent and regular contact with the participants or,
Presentanoverviewoftheproject’sobjectivesandcurrentfindingsbeforeeachpartof the activity.
Tools: Some tools are needed for all use cases, such as:
Video conferencing software
Collaborative documentation tools(Confluence, Saga, Notion, etc.)
Resources: Where possible, the process recommended for each use case should
build upon and make use of other foresight activities and reports.
50. 3. IDENTIFICATION OF
FUTURE AND
EMERGING
CHALLENGES (1)
i. Each year ENISA works on reports
identifying the future and
emerging challenges relevant to
their stakeholders.
ii. The reports themselves are used in
many other aspects of ENISA’s
operations, therefore they must be
both credible and actionable.
52. 4. STRATEGIC DECISION-
MAKING
DEVELOPMENT (2)
i. ENISA relies on solid, fact-based
strategic decision-making to decide
how to allocate resources, plan future
activities, and identify areas of
development. Foresight activities
enable the leadership to design a
strategy that can manage future
challenges.
54. 5. EVOLUTION OF THREAT
LANDSCAPE (3)
i. Each year, ENISA publishes
their analyses on the European
threat landscape.77 This is an
important aspect of much of
ENISA’s work as the most
prevalent threats may also
drive the Agency’s priorities
and strategy.
56. 6. NEEDS AND PRIORITIES
FOR CYBERSECURITY
R&D (4)
ENISA provides a valuable service by
identifying areas within the field of
cybersecurity in need of development.
This use case builds on the previous
three to reach a greater degree of
granularity. Research and development
may also inform future strategic
decision-making or may serve as
inputs for environmental scanning.
57. 6. NEEDS AND PRIORITIES FOR CYBERSECURITY R&D (4)
Foresight Approach
58. 6. NEEDS AND PRIORITIES FOR CYBERSECURITY R&D (4)
Foresight Approach
59. 7. EVOLUTION OF
OPERATIONAL
COOPERATION (5)
Operational cooperation is one the
ENISA strategic objectives: by
coordinating both the
secretariat of the EU CyCLONe and the
EU CSIRTs Network, ENISA aims to
synchronise technical and operational
levels as well as all EU actors in order
to collaborate and respond to large scale
incidents and crises. The evolution of
operational cooperation must consider a
variety of factors that are constantly
shifting. Integrating foresight into this
process will help to understand the
possible futures of operational
cooperation.
60. 7. EVOLUTION OF OPERATIONAL COOPERATION (5)
Foresight Approach
61. 8. DENTIFICATION OF
FUTURE POLICY
PRIORITIES (6)
As a trusted advisor of
policymakers, ENISA provides
overviews of emerging challenges
that may warrant a policy
response.
63. 9. DISRUPTIVE EVENTS (7)
As demonstrated by the COVID-19
pandemic, transformational events or
situations can occur suddenly and without
warning. In those cases, it is prudent to
have a structured process with which to
generate possible outcomes.
This supports decision-makers and brings
additional clarity to entities that may need
to support in such a crisis situation.
Examples of these events could include, for
example, mass ransomware incidents (like
NotPetya) or wide-reaching APTs (advanced
persistent threats).
66. 1. Foresight can be an asset to the cybersecurity community
a) Cybersecurity often looks towards future short-term threats, yet there is a
need for cybersecurity professionals and policymakers to maintain pace with
attackers.
b) Foresight is a good tool for supporting longer term strategic thinking on how
to improve the state of cybersecurity and overall resilience.
c) ENISA is taking an important strategic step to better integrate foresight into
cybersecurity practices.
2. Foresight is flexible and must be adapted for each activity
a) At the beginning of each foresight project, the methods and tools used should
be thoughtfully chosen and/or augmented to best suit each unique context and
group.
b) Even ongoing activities may be updated with lessons learned.
c) For example, if after one workshop the objectives were not achieved the format
of the following workshop should be adapted to suit the context and
participants.
d) The recommendations in this report are not prescriptive and should be
adapted as needed.
67. 3. Where possible, engage one or more foresight experts for
critical activities
a) Experts have the experience to select methods that best fit the
group, but they also have more knowledge of the more indefinite
aspects of foresight – attitudes, framing, ethics, etc.
4. Foresight is an opportunity to improve understanding
and communication
a) When stakeholders are involved in a foresight process, they
obtain a wealth of information and also face the challenge of how
to transport ideas and possibilities in an easily comprehensible
way.
b) This is an excellent exercise to develop staff members and
leadership alike.
68. 1. Design and Resource Allocation
a) The most pivotal step will be to design the foresight activities themselves –
including participants, timelines, etc.
b) The more aligned the activities are to the organization in the design phase, the
less likely that significant changes will be needed after testing the foresight
activity approaches.
c) It is also notable that resource allocation is critical for determining basic
elements of planned activities - the number of participants, timeline, and if a
foresight professional can be brought in to lead the activity.
2. Test and Adapt
a) To fully utilize the potential of foresight at ENISA, it needs to be tested in a
variety of teams, settings, and contexts.
b) Testing enables ENISA to align the foresight approach to our specific needs, thus
easing the process of integrating foresight into operational work.
c) Foresight needs to be integrated integrated into processes in order to figure out
the best set up and timeline for the organization. In doing so, ENISA may create
a culture of foresight which in turn increases the quality of foresight outputs.
69. 3. Collaborate with Key Stakeholders
a)ENISA’s foresight activities may be enhanced by
drawing upon the expertise of and collaborating with
other European (or MS) agencies and institutions that
conduct foresight.
4. Support Build Up of Foresight Capability
a)Foresight can be useful in many contexts and would be
an asset for strategic cybersecurity planning for EU
Member States.
b)ENISA’s lessons learnt and new expertise could be
useful to get national foresight programs off the ground.