Learning Outcome 2: Apply Troubleshooting/Identify Lapses
This is reflected in my Policy and Political Effects Analysis Paper from my CYSE 425W course. I address how political or financial friction in a chain of command (“human element” security lapse) prevents a technical defense from working. I analyze why a successful security response is often sabotaged by arguments over prioritization and budget after an attack.
Policy and Political Effects Analysis Paper:
Incident response policy is an organization's number one defense strategy among the technical documents that govern a cyber crisis. All business organizations must have an incident response policy; it is not a choice but a requirement. However, while the strategy itself draws attention, these policies also have deep political foundations rooted within them. An incident response policy is a political document: it always forces decisions that deal with power, blame, money and communication.
The first and most crucial step in an incident response policy is to establish who sits at the head of the table, who calls the "shots" at the top of the chain of command. This portion of the policy starts the "hierarchy" process for an organization. When an organization appoints a head of command, it typically turns to a senior position known as the "CISO". CISO stands for Chief Information Security Officer; this position is the pinnacle of trust at the senior executive level. The CISO usually has the highest form of authority over all departments and also deals with changes of leadership across departments. These decisions can lead to conflict, since they make real-time changes that may ruffle the feathers of other executives. They usually create a political "minefield" that the CISO has to navigate to ensure that the right changes are being made without creating division.
The CISO has the most power, and that comes with a lot of responsibility. The CISO analyzes the entire incident at hand and determines how to properly defend against current and future cyber threats. During the investigation process the CISO must determine who was at "fault". This accountability that the CISO has to follow through on is not only stressful but also extremely political. Accusing a department of being at fault never goes over smoothly, and some departments may use the policy's language as a tool or scapegoat to push the blame onto others. This makes the investigation process extremely difficult for a CISO, because political influence "clouds" the analysis.
The political nature of an incident response policy does not halt after dictating who was at fault. The policy also has to deal with the financial aspect of the incident that an organization faces. The budget after an incident for repairs, legal fees, fines, and even forensic consultants all contributes to the political background of an incident response policy. The policy must determine where the majority of the funds are allocated within an organization. This can cause division because other departments may resent the decision, creating a conflict between IT leadership and financial leadership. Typically, every department head will argue why their department should receive the most funds over the others. Prioritization is the solution that the incident response policy enforces when these hardships arise. This portion of the incident response policy is extremely political because it ranks the necessity of each department, which always results in the political priorities of one department being placed over another.