Agility
In the context of cyber security, agility refers to the measures that corporate organizations take to ensure operational flexibility and a quick response to the dynamic environmental factors that affect their normal operation. The concept is used to establish stable and secure cloud management systems for an internet-based data storage facility. Governance comprises the activities executed by those responsible for the success of a corporate enterprise (the board and executive management). Their major responsibilities are strategy formulation and execution to ensure that both long- and short-term objectives are achieved. Among the strategies formulated are risk reduction mechanisms. Cyber security is a concept that defines an enterprise’s reliance on a cyberspace that is full of threats. Cyber security governance, therefore, entails the security governance of an organization’s information system. It is noticeable that features of information management address information security outside online storage facilities. The movement of information between offline and online dimensions is so frequent that cyber security management should encompass information security governance (Weill & Jeanne 163).
Components of agility
Responsiveness: the ability of an enterprise to react quickly to attempts to jeopardize its information system. It measures the flexibility of an enterprise. An enterprise should, therefore, deploy mechanisms that enable it to detect and respond to indications of unauthorized attempts to access its database. Responsiveness is important for an organization’s success because earlier detection of unauthorized information access allows an enterprise ample time to identify the source of the cyber security weakness and take corrective measures. Earlier detection will also prevent huge damage to or disruption of information in a company’s database. Information loss prevention plays an important role in cost management. Information gathering is an expensive process; therefore, reducing the frequency with which it is performed saves a lot of money. Unauthorized access to and tampering with an organization’s database has a potentially negative effect on the organization’s ability to carry out its normal business (NDIA 24). Disruption of an organization’s information system affects its decision-making processes, because decision-making, for instance on financial matters, is based on historical information. Therefore, organizations should develop processes that provide alternative decision-making in the event that their adversaries, through cyberattacks, interfere with a critical facet of the organization’s decision-making process (NIST 21).
Timely: in the context of agility, timeliness refers to the availability of cyber security measures as and when they are needed by an enterprise. An organization should implement a process that provides alternative decision-making, allowing timely decisions and delegation of responsibilities in the event that an adversary’s actions result in a successful long-term disruption of the enterprise’s primary decision-making process, or otherwise render it unable to make a timely response to security issues (NIST 16).
Importance of agility in the decision-making process
Because of the concept of agility, organizations have implemented processes that provide a secondary decision-making mechanism, which supports responsibility allocation if information damage results in long-term disruption of decision-making facets (Lewis & Baird 214). Agility facilitates the delegation of decision-making responsibilities from general managers to heads of various departments. This reduces the decision-making period, thus reducing time wastage. It also brings together heads of various departments, for instance, agency officials, information security officers and CEOs, thus ensuring a perfect decision-making process (GAO 4).
SA and agility
Organizations should create situational awareness programs to sensitize their employees to the actual existence of adversaries with malicious intentions toward the organization’s information system. In addition, awareness should also be created of the mechanisms the organization has put in place to mitigate the risk attributed to its dependence on cyberspace (Selke & Renn 97). To ensure uniform effort towards the implementation of cyber security measures in an organization, it is imperative that employees are involved in the process. Their involvement will familiarize them with the organization’s long-term plan to invest in cyber security and with the security measures that need to be integrated into the organization’s system and its core missions (IRGC 6). Situational awareness should aim at enlightening members of an organization on the urgency of investing in cyber security as compared to other areas of investment. The awareness will also inform lower departmental managers on how the organization can make cyber-security investment decisions. There should also be awareness of strategic integration, to address the scope of cyber-security strategy integration into an organization’s risk management process. Situational awareness enlightens members of an organization about the various disciplines that are involved in cyber security (Clark & Sitko 17). For instance, the safety of information and communication systems is among the disciplines involved. Discipline awareness will create awareness of the interdependency between the disciplines. For instance, the distribution of information and management among heads of operational activities in different areas, as well as organization baselines among those who are responsible for strategic planning, are brought to light. Situational awareness should also relay the risk mitigation approach to the organization’s members (Posthumus & Rossouw von 123).
The approach of an organization to alleviate risk reflects its commitment to conform to principles of excellent performance. For instance, an organization can decide to focus on conformity to principles of good performance to facilitate strong characteristics of its cyber security management with compliance. Situational awareness is also important because it informs decision-makers and strategic planners about the necessity of identifying and assessing risk factors. Various factors can form the basis of cyber risk modeling. They include factors related to threats, vulnerability and consequences (Hamilton 9).
Why agile in cyber security
Cyber security measures should be agile to facilitate earlier detection of threats to an organization’s database and to ascertain whether a threat source exists within the organization or not. Classification, processing and storage of information in an organization will be effective and efficient with the implementation of agility in cyber security. Corporate entities with large information files stored in online facilities can rest assured of the safety and security of their information resources and of protection against the persistent threat from cyber attackers (“Cyber security Today and Tomorrow” 79).
Importance of increasing agility, which increases overall SA agility
An increase in agility demands that an organization tailors its governance and security measures to the threat it faces. The levels of preparedness for cyber threats vary depending on how current, clear, and precise an organization’s security plans should be in order to report to the strategic planning process on threat mitigation and operational decisions. Intelligence should, therefore, increase agility in organizations in order to establish strong, resilient, and penetration-resistant information systems that support the core missions of an organization. An increase in agility will also facilitate continuous improvement in security controls and increase flexibility in risk management activities to reduce cyber threats. An increase in agility will increase the responsiveness of an organization in detecting insider threats and reduce supply chain risk as the security assurance and trustworthiness of information systems are upheld. The functionality of cyber security will be enhanced by developing appropriate services and risk-mitigating mechanisms to strengthen security and ensure the correctness, completeness, and resistance of the information system (Eberstein 222).
Conclusion
Cyber threats are a nightmare to corporate entities that practice cloud computing. Information resources are important in an organization and should thus be protected against malicious damage. As a result, measures should be implemented to create cyber security, which will protect the information resources of an organization from damage. Situational awareness should be created among organization members to facilitate the implementation of security strategies. A secure organization information system will stabilize decision-making processes in an organization.
Works Cited
Clark, Tammy & Toby Sitko. Information Security Governance: Advancing the State of the Practice. PDF file. 2008. Web.
Cyber security Today and Tomorrow: Pay Now or Pay Later. Washington, D.C: National Academy Press, 2002. Print.
Eberstein, M. Mark. Agility: Competing and Winning in a Tech-Savvy Marketplace. Hoboken: J. Wiley & Sons, 2010. Print.
GAO. Cyberspace: United States Faces Challenges in Addressing Global Cyber security and Governance. PDF file. 2010. Web.
Hamilton, A. Booz. Information Security Governance: Governance Considerations for the Cloud Computing Environment. PDF file. 2009. Web.
IRGC. An Introduction to the IRGC Risk Governance Framework. 2008. Web.
Lewis, James, & Zoë Baird. Cyber Security. Washington, D.C: CSIS Press, Center for Strategic and International Studies, 2003. Print.
National Defense Industrial Association (NDIA). Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. 2009. Web.
NIST. Information Security Guide for Government Executives. 2007. Web.
NIST. Information Security Handbook: A Guide for Managers. PDF file. 2006. Web.
Posthumus, Shaun & Rossouw von Solms. “A framework for the governance of information security.” Computers & Security, 23 (2004): 638-646. Print.
Selke, Piet & Ortwin Renn. “Risk Governance of Pervasive Computing Technologies.” The International Journal of Technology, Knowledge and Society, 4 (2008). Print.
Weill, Peter and Jeanne Ross. A Matrixed Approach to Designing IT Governance, MIT Sloan Management Review, Winter: Thomson Learning, 2005. Print.