Cyber-Security Risk Intelligence

Scott Foote, CEO of Protinuum based in United States participates in Risk Roundup to discuss Cyber-Security Risk Intelligence.

Overview

When security risks from cyberspace, merge and converge with geospace and space; security risk intelligence has never been more important for the humanity than it is now in a digital global age.

With millions of annual cyber-attacks, cyber-crime has become a real threat to individuals and entities across nations: its government, industries, organizations and academia (NGIOA) using computers, smartphones, tablets, internet of things and other gadgets connected to the internet. Either somebody’s identity is stolen every few seconds, or someone’s confidential data is stolen as a result of cybercrime. This is a serious cause of concern.

Irrespective of cyberspace, geospace or space (CGS), security risk intelligence has become one of the most important of the core elements which must be established by entities across NGIOA. It is no surprise that, nations: its government, industries, organizations and academia (NGIOA) are spending enormous resources on the gathering and analysis of cyber-security risk intelligence.

Today, more than ever, cyber-security risk intelligence must provide information that can be acted upon by NGIOA decision makers, if it is going to be deemed of value in cyberspace, geospace and space. Having said that, it is one thing to gather security risk data and extract information but an entirely different thing to turn that information into meaningful and actionable intelligence.

Understanding Cyber-Security Risk Intelligence

It matters how cyber-security risk intelligence is understood by the security community. It is therefore important to understand and evaluate what does cyber-security risk intelligence mean to the security community. When we say cyber-security risk intelligence, what does it mean to different security stakeholders?

Defining Cyber-Security Risk Intelligence Goals

The goal of cyber-security risk intelligence is to provide actionable and comprehensive insight from cyberspace, geospace and space that can help reduce security risk: be it tactical, operational or strategic for any initiative and/or entity across NGIOA.

Irrespective of cyberspace, geospace or space, security is no longer a silo affair, it’s an NGIOA affair. Security is no longer about geospace security, it’s about CGS security (cyberspace, geospace, space). It is important to understand and evaluate whether this new emerging integrated cyber-security risk paradigm is clearly understood, acknowledged and accepted by the security community from cyberspace, geospace and space.

Reliability of The Current Cyber-Security Risk Management Framework

Despite the interconnectedness and interdependencies between cyberspace, geospace and space (CGS), and between nations: its government, industries, organizations and academia (NGIOA), nations approach to how best to address issues of cyber-security risk intelligence in this CGS sphere has been drawn-out, confusing, silo, and inconclusive.

  • Each cyber-security incident brings forth an outcry for better information and intelligence sharing within, between and across NGIOA.
  • Each cyber-security incident makes the critics question why didn’t we have more cyber-security intelligence beforehand?
  • Each cyber-security incident makes different components of a nation: government, industries, organizations and academia question, why weren’t we informed about the security intelligence?

The above questions raise a critical concern whether we have reliable cyber-security risk intelligence framework, processes tools and technologies.

Cyber-Security Risk Intelligence Approach

Most entities across NGIOA goes through cyber-security risk intelligence failures. So, what is missing in the approach? Since a comprehensive cyber-security risk intelligence program is critical to the success of the viability, survivability and resilience of the entire nation, cyber-security risk intelligence has become one of the most important of the core elements which must be established when building a successful and effective security risk intelligence program across nations.

Cyber-Security Risk Intelligence Sharing

Cyber-security risk intelligence isn’t just for any single individual or entity across NGIOA, it is for everyone. It is important to evaluate whether there is risk intelligence sharing within, between and across NGIOA. Since any form of real intelligence sharing within and across NGIOA is still virtually non-existent, the current “silos of security risk intelligence” is a problem and a cause of great concern.

Cyber-Security Risk Intelligence Programs

What is the nature of the cyber-security risk intelligence programs across nations? It seems that there are very few intelligence programs that exist across nations today that provide NGIOA decision makers with the depth of security risk intelligence which allows them to make truly informed decisions. This void is a cause of great concern.

Are the cyber-security risk programs effective in your nation? If not, why does cyber-security risk intelligence fails across nations?

It is important to evaluate further:

  • How can entities across NGIOA build successful and effective cyber-security risk intelligence programs?
  • How can integrated CGS security risk intelligence be gathered?
  • What is the current state of cyber-security risk intelligence gathering effort?
  • How much security risk information is out there in the public domain?
  • What processes have been, or need to be established to leverage the cybersecurity information into something useful—cyber-security risk intelligence?
  • What is the difference between openly acquired security risk intelligence and classified security intelligence?
  • How do we collect cyber-security risk information?
  • Is the cyber-security risk prioritization effective? If not, what is the reason the risk prioritization is not effective?
  • How can individuals and entities across NGIOA ensure they have necessary cyber-security risk intelligence from cyberspace, geospace or space?
  • What is the nature of cyber-security risk intelligence methods that are currently used?
  • What technology tools are used by security agencies or organizations across NGIOA?
  • What should be the new security risk intelligence architecture?
  • Why is cyber-security risk intelligence analysis important?
  • What is the process of intelligence analysis?

Interconnected and integrated CGS risk intelligence, needs to play a central role in CGS Security Risk Intelligence. Time is now to talk about cyber-security risk intelligence!


For more please watch the Risk Roundup Webcast or hear Risk Roundup Podcast


About the Guest

Scott is a senior high-tech executive with more than 30 years of experience in cybersecurity and the broader software industry; serving both the public and private sectors. His primary area of expertise has been information security since the late 1980s; however, Scott’s technical experience ranges from operating system kernel technologies, to the gamut of filesystem / database and info storage, to network engineering, to packaged commercial applications such as SCADA, B2B and CRM solutions. His management experience spans the product lifecycle, with a specific focus on complex systems engineering and solution roadmap planning – including operational prototyping, rapid-growth product evolution, market adaptation, derivative product strategy, and next generation rollout and migration. Since 1995, he has helped to launch or successfully re-invent over a dozen small businesses. Scott is a frequent guest speaker at industry events, sits on a number of advisory boards and has been a member of the board of directors for enswers, Inc., Axixa Corporation, Realocity, Inc., Protinuum, LLC, and the Boston Affiliate of the Susan G. Komen Breast Cancer Foundation.

About Protinuum

Protinuum’s DECYSIS platform is operationalizing comprehensive Cyber Risk Intelligence for Security Operations in both commercial and public-sector organizations. DECYSIS fuses multi-source intelligence that goes beyond Threats and Vulnerabilities; incorporating specific Consequences and relevant Countermeasures, to accelerate incident response and planning. Offloading Cyber Analysts from manually intensive intel gathering, fusion, option identification and evaluation, and stakeholder notification activities. Protinuum, LLC also provides a range of cyber security consulting services to organizations as they mature their Security Operations teams and systems

About the Host of Risk Roundup
Jayshree Pandya (née Bhatt) is a visionary leader, who is working passionately with imagination, insight and boldness to achieve Global Peace through Risk Management. It is her strong belief that collaboration between and across nations: its government, industries, organizations and academia (NGIOA) will be mutually beneficial to all—for not only in the identification and understanding of critical risks facing one nation, but also for managing the interconnected and interdependent risks facing all nations. She calls on nations to build a shared sense of identity and purpose, for how the NGIOA framework is structured will determine the survival and success of nations in the digital global age. She sees the big picture, thinks strategically and works with the power of intentionality and alignment for a higher purpose—for her eyes are not just on the near at hand but on the future of humanity!
At Risk Group, Jayshree is defining the language of risks and currently developing thought leadership, researching needed practices, tools, framework and systems to manage the “strategic and shared cyber-security, geo-security and space-security risks facing nations today in a digital global age. She believes that the contested commons of cyberspace or space cannot be secured if NGIOA works in silo within and across its geographical boundaries in cyberspace, geospace and space. As security requires an integrated NGIOA approach with a common language, she has launched cyber-security, geo-security and space-security risk research centers that will merge the boundaries of geo-security, cyber-security and space-security.
Previously, she launched and managed “Risk Management Matters”, an online risk journal and one of the first risk publications, publishing “Industry Risk Reports of Biotechnology, Energy, Healthcare, Nanotechnology, and Natural Disasters” over the course of five years. Jayshree’s inaugural book, “The Global Age: NGIOA @ Risk”, was published by Springer in 2012.

About Risk Roundup

Risk Roundup, a global initiative launched by Risk Group, is an integrated cyberspace, geospace, and space (CGS) security risk dialogue for individuals and entities across nations: its government, industries, organizations and academia (NGIOA).

Risk Roundup is released in both audio (Podcast) and video (Webcast) format and is available for subscription at (Risk Group WebsiteiTunesGoogle PlayStitcher RadioAndroid, and Risk Group Professional Social Media).

About Risk Group

Risk Group is a strategic security risk research organization. It focuses broadly on the risks facing individuals and entities across nations: its governments, industries, organizations, and academia (in short referred to as NGIOA). Its approach is broad, encircling cyberspace, geospace and space (in short referred to as CGS). It firmly believes that collaboration within, between and across NGIOA will be mutually beneficial to all stakeholders across nations—for not only in the identification and understanding of critical CGS security risks facing one nation, but all nations.

Risk Group believes that risk management, security and peace walk together hand in hand. Though security is related to management of threats and peace to the management of conflict, risk management is related to management of security vulnerabilities as well as management of conflict, and it is not possible to conceive any one of the three without the existence of the other two. All three concepts feed into each other. Risk Group believes that the security we build for ourselves is precarious and uncertain until it is secured for everyone across nations. Tradition becomes our security-so if we build a culture of managing risks effectively it will lead us to security and security will lead us to peace!

Copyright Risk Group LLC. All Rights Reserved