From this week’s Jonas Reading: How should we approach the development of cyber-policy and infrastructure given the “short arm” of predictive knowledge?

In light of the “short arm” of predictive knowledge, the development of cyber-policy and infrastructure should prioritize adaptability, resilience, and proactive collaboration. This involves creating flexible frameworks that can swiftly respond to emerging threats while investing in robust systems that are designed to withstand and recover from cyber incidents. Fostering partnerships among government, private industry, and academia is crucial for sharing intelligence and resources, enabling a more cohesive approach to cybersecurity challenges. Additionally, organizations should embrace continuous learning by regularly updating training programs and conducting simulations, alongside implementing comprehensive risk assessment strategies that account for both known vulnerabilities and the unpredictability of future threats. Overall, a collaborative approach will be essential in navigating the complexities of cybersecurity in an ever-evolving digital landscape.

In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?

As the Chief Information Security Officer (CISO) of a publicly traded company, ensuring system availability is critical for safeguarding our operational integrity and stakeholder trust. To achieve this, I would implement protections aligned with the NIST Cybersecurity Framework, focusing on the Identify, Protect, Detect, Respond, and Recover functions. The NIST Cybersecurity Framework provides companies/businesses a clear framework to use to help manage cybersecurity risks/attacks. Under identify, we would conduct a comprehensive risk assessment to pinpoint vulnerabilities that could threaten availability. This assessment informs our protective measures. For the protect function, implementing redundancy in our infrastructure, such as load balancing and geographically-distributed data centers, ensures that our systems remain operational despite failures. In the detect phase, deploying advanced intrusion detection systems enables us to identify potential disruptions in real-time, facilitating an immediate response to incidents. The respond function includes having an incident response plan that adds processes for addressing breaches or outages swiftly, minimizing downtime. Finally, under recover, we would establish a solid disaster recovery plan that includes regular data backups and failover strategies, allowing for quick restoration of services. By integrating these components of the Cybersecurity Framework, we can ensure the resilience and availability of our systems while reinforcing stakeholder confidence.

How has cyber technology created opportunities for workplace deviance?

Cyber technology has created opportunities for workplace deviance by enabling anonymity and distance in digital interactions, which can embolden individuals to engage in unethical behavior without immediate repercussions. The accessibility of sensitive information allows employees to misuse data for personal gain, while sophisticated social engineering tactics, such as phishing, can lead to unintentional breaches of trust and security. Additionally, the rise of remote work has reduced oversight, making it easier for employees to engage in activities like time theft or inappropriate use of company resources. Overall, the complex and often unregulated digital landscape fosters an environment where deviant behaviors can thrive, often with little accountability.