How to Build Your Own Cyber Security Framework Using a Balanced Scorecard
DESCRIPTION
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it to improve, and how do we make it meaningful to business decision makers? This gap appeared again recently in the NIST Cyber Security Framework (CSF) process RFI responses. But there is no need to wait for NIST CSF or anything else, because there is a viable method available now that you can use to build your own CSF: the “Balanced Scorecard” method. The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
TRANSCRIPT
![Page 1: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/1.jpg)
How to Build Your Own Cyber Security Framework
using a Balanced Scorecard
Russell Cameron Thomas
EnergySec 9th Annual Security Summit
September 18, 2013
Twitter: @MrMeritology
Blog: Exploring Possibility Space
![Page 2: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/2.jpg)
Who here loves frameworks?
![Page 3: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/3.jpg)
Who here loves frameworks?
NIST Cyber Security Framework?
Other?
![Page 4: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/4.jpg)
Frameworks can matter (a lot)
![Page 5: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/5.jpg)
Frameworks can matter (a lot) if they are instrumental in
driving new levels of Cyber Security Performance
![Page 6: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/6.jpg)
What the hell is “Cyber Security Performance”?
![Page 7: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/7.jpg)
Yes, “Cyber”!
![Page 8: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/8.jpg)
Yes, “Cyber”!
Confluence of…
• Information Security
• Privacy
• IP Protection
• Critical Infrastructure Protection & Resilience
• Digital Rights
• Homeland & National Security
• Digital Civil Liberties
![Page 9: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/9.jpg)
What the hell is “Cyber Security Performance”?
![Page 10: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/10.jpg)
“Cyber security performance” is…
“… systematic improvements in an organization's dynamic posture and capabilities relative to its rapidly-changing and uncertain adversarial environment.”
![Page 11: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/11.jpg)
“Cyber security performance” is…
…Management By Objectives
(Drucker)
![Page 12: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/12.jpg)
“Cyber security performance” is…
…Management By Objectives
…Performance Mgt, incentives
![Page 13: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/13.jpg)
“Cyber security performance” is…
…Management By Objectives
…Performance Mgt, incentives
…Staffing, training, organizing
![Page 14: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/14.jpg)
“Cyber security performance” is…
…Management By Objectives
…Performance Mgt, incentives
…Staffing, training, organizing
…Organization learning, agility
![Page 15: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/15.jpg)
“Cyber security performance” is…
…Management By Objectives
…Performance Mgt, incentives
…Staffing, training, organizing
…Organization learning, agility
… and good practices
![Page 16: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/16.jpg)
“Performance” vs “Practices”
![Page 17: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/17.jpg)
Using the Universal Language of Executives…
![Page 18: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/18.jpg)
Using the Universal Language of Executives…
![Page 19: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/19.jpg)
![Page 20: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/20.jpg)
"Keep your head still"
![Page 21: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/21.jpg)
"Keep your head still"
“Keep your arm straight”
![Page 22: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/22.jpg)
"Keep your head still"
“Keep your arm straight”
“Swing on one plane”
![Page 23: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/23.jpg)
"Keep your head still"
“Keep your arm straight”
“Swing on one plane”
“Swing easy”
![Page 24: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/24.jpg)
"Keep your head still"
“Grip it and rip it!”
“Keep your arm straight”
“Swing on one plane”
“Swing easy”
![Page 25: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/25.jpg)
"Best practices" are like golf tips…
![Page 26: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/26.jpg)
"Best practices" are like golf tips…
Golf tips alone don't make good golfers
![Page 27: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/27.jpg)
Why Agility?
Why Rapid Innovation?
![Page 28: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/28.jpg)
![Page 29: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/29.jpg)
State of the Art
Lagging InfoSec Program
![Page 30: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/30.jpg)
Time for some drama!
![Page 31: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/31.jpg)
Time for some drama!
Set in the Summer of 2017
![Page 32: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/32.jpg)
“It was another long heat wave in central Texas.”
![Page 33: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/33.jpg)
Spare generating capacity was dangerously low
![Page 34: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/34.jpg)
You run information security at a large industrial company that includes several and cogeneration.
![Page 35: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/35.jpg)
Thanks to deregulation and incentives, microgrids have taken off, especially in Texas
= 10+ microgrids
Microgrid Adoption, 2017
![Page 36: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/36.jpg)
In recent days, instead of selling its excess power, your firm was buying at peak spot prices.
This was strange.
![Page 37: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/37.jpg)
18 months earlier
You
Energy Ops Manager
Business Continuity Manager
![Page 38: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/38.jpg)
Effective Response, Recovery & Resilience
![Page 39: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/39.jpg)
Your Microgrid Automation
12 months earlier
Diagram labels: hosted auto-configuring software; reporting/trending; system config; diagnostics; Internet; Microgrid Supervisory Controller
![Page 40: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/40.jpg)
Spot trading was largely automated via microgrid automation software.
12 months earlier
![Page 41: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/41.jpg)
Optimize Exposure
![Page 42: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/42.jpg)
Threat Intelligence
24 months earlier
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hacktivist?
Terrorist?
![Page 43: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/43.jpg)
Our New Capability: Attack-driven Defense
1. Raise cost to attackers
2. Increase odds of detection
3. Iterate defense based on real attack patterns
24 months earlier
source: Etsy http://www.slideshare.net/zanelackey/attackdriven-defense
![Page 44: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/44.jpg)
Threat Intelligence
Yesterday
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hacktivist?
Terrorist?
![Page 45: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/45.jpg)
Effective Threat Intelligence
![Page 46: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/46.jpg)
Sensors & Pattern Detection for Anomalous User Behavior
24 months earlier
Chart axis: User Class (Any, Non-Tech., Tech.)
source: Etsy http://www.slideshare.net/zanelackey/attackdriven-defense
![Page 47: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/47.jpg)
Threat Intelligence
Yesterday
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hacktivist?
Terrorist?
X X
![Page 48: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/48.jpg)
Quality of Protections & Controls
![Page 49: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/49.jpg)
Threat Intelligence
Yesterday
Insiders?
Business Partners? Contractors?
Criminals?
APT?
Error?
Hacktivist?
Terrorist?
X X
![Page 50: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/50.jpg)
Efficient/Effective Execution & Operations
![Page 51: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/51.jpg)
12 months earlier
![Page 52: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/52.jpg)
Effective External Relationships
![Page 53: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/53.jpg)
The Crime:
Manipulation of Wholesale Market Subsidies
Congestion patterns, July 14, 2017
Map labels: Artificially Congested; Subsidized Generators
![Page 54: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/54.jpg)
Losers: You and hundreds of other microgrids forced to generate spot market bids during price spikes. (Botnet-style. Each loses a little $$)
Scam: Generate losing trades in one market to make money in another market
![Page 55: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/55.jpg)
Attack: Compromised Hosted Auto-Configuration Software
Diagram labels: hosted auto-configuring software; reporting/trending; system config; diagnostics; Internet; Microgrid Supervisory Controller
![Page 56: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/56.jpg)
The Attackers
Insider: Contractor at web application software company
Outsider: Hedge fund manager bribed contractor with profit sharing
![Page 57: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/57.jpg)
Gold Man Hacks Bid Probe
2017
Gold Man Hacks Faces Record Fine Over Energy
2017
![Page 58: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/58.jpg)
Over the last 24 months
Adaptive Threat Intelligence
Attack-driven Defense
Expanded External Engagement
Expanded Detection & Response
Metrics
![Page 59: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/59.jpg)
Effective Agility & Learning
![Page 60: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/60.jpg)
Over the last 24 months
![Page 61: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/61.jpg)
Effective Design & Development
![Page 62: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/62.jpg)
Over the last 24 months
![Page 63: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/63.jpg)
Optimize Cost of Risk
![Page 64: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/64.jpg)
Over the last 24 months
![Page 65: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/65.jpg)
Accountability & Responsibility
![Page 66: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/66.jpg)
The End
![Page 67: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/67.jpg)
Summary:
The Ten Dimensions of
Cyber Security Performance
![Page 68: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/68.jpg)
Context
Diagram labels: Actors; Systems; The Organization; Events
![Page 69: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/69.jpg)
Dimension 1: Optimize Exposure
Diagram labels: Actors; Systems; Events; 1. Exposure
![Page 70: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/70.jpg)
Dimension 2: Effective Threat Intelligence
Diagram labels: Actors; Systems; Events; 1. Exposure; 2. Threats
![Page 71: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/71.jpg)
Dimension 3: Effective Design & Development
Diagram labels: Actors; Systems; Events; 1. Exposure; 2. Threats; 3. Design & Dev.
![Page 72: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/72.jpg)
Dimension 4: Quality of Protection & Controls
Diagram labels: Actors; Systems; Events; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls
![Page 73: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/73.jpg)
Dimension 5: Effective/Efficient Execution & Operations
Diagram labels: Actors; Systems; Events; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations
![Page 74: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/74.jpg)
Dimension 6: Effective Response, Recovery & Resilience
Diagram labels: Events; Actors; Systems; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience
![Page 75: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/75.jpg)
Operational Cyber Security
Dimensions 1 – 6 Measure Core Performance
Diagram labels: Events; Actors; Systems; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience
![Page 76: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/76.jpg)
First Loop Learning
“First Loop Learning” is Continuous Improvement in Daily Operations
![Page 77: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/77.jpg)
Dimension 7: Effective External Engagement
Diagram labels: Events; Systems; Actors; The Organization; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement
![Page 78: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/78.jpg)
Dimension 8: Effective Agility & Learning
Diagram labels: Events; Systems; Actors; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement; 8. Agility & Learning
![Page 79: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/79.jpg)
Dimension 9: Optimize Total Cost of Risk
Diagram labels: Events; Systems; Actors; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement; 8. Agility & Learning; 9. Total Cost of Risk
![Page 80: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/80.jpg)
Dimension 10: Accountability & Responsibility
Diagram labels: Events; Systems; Actors; Stakeholders; Total Cost of Risk; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement; 8. Agility & Learning; 9. Total Cost of Risk; 10. Accountability & Responsibility
![Page 81: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/81.jpg)
Dynamic Capabilities
Dimensions 7 – 10 Measure Systemic Agility
Diagram labels: Events; Systems; Actors; Stakeholders; Total Cost of Risk; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement; 8. Agility & Learning; 9. Total Cost of Risk; 10. Accountability & Responsibility
![Page 82: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/82.jpg)
Second Loop Learning
“Second Loop Learning” is Innovation and Reinvention*
* Individual and Collective
![Page 83: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/83.jpg)
Ten Dimensions of Cyber Security Performance
Diagram labels: Events; Systems; Actors; Stakeholders; Other Organizations; Government & Law Enforcement; 1. Exposure; 2. Threats; 3. Design & Dev.; 4. Protections & Controls; 5. Execution & Operations; 6. Response, Recovery & Resilience; 7. External Engagement; 8. Agility & Learning; 9. Total Cost of Risk; 10. Accountability & Responsibility
![Page 84: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/84.jpg)
Last thought…
![Page 85: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/85.jpg)
“Can’t you make it simpler?”
![Page 86: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/86.jpg)
“Can’t you make it simpler?”
“We need a crayon version for executives and other business and policy types”
![Page 87: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/87.jpg)
Sure!
![Page 88: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/88.jpg)
Sure!
• “Transcendental numbers hurt my head”
![Page 89: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/89.jpg)
Sure!
• “Transcendental numbers hurt my head”
• Declare π = 3.0
![Page 90: How to Build Your Own Cyber Security Framework using a Balanced Scorecard](https://reader033.vdocuments.net/reader033/viewer/2022050919/547a76c0b4795968098b49ee/html5/thumbnails/90.jpg)
Sure!
• “Transcendental numbers hurt my head”
• Declare π = 3.0
• But we lose something essential
“Circle”