Booz Allen Hamilton and UC Berkeley Release White Paper Outlining the Risks and Solutions of Cybersecurity; Rudy Bakalov Quoted

Booz Allen Hamilton and the University of California Berkeley have released a joint white paper, titled “Resilient Governance for Boards of Directors: Considerations for Effective Oversight of Cyber Risk,” the company announced on Wednesday. The paper outlines how cybersecurity has become an existential risk to every company board and offers a set of board processes for effective cybersecurity governance.

Booz Allen conducted a study and interviewed 20 board members across a variety of sectors to collect data and create a framework that boards can utilize to govern cybersecurity in the current enterprise, while evolving over time with the technology-business-regulatory central to cybersecurity risk.

“Today, boards are deeply committed to improving cybersecurity practices and outcomes for their companies. However, cybersecurity is still a relatively new area of focus and boards aren’t certain on the best practices for cyber oversight and risk mitigation. We used our findings to develop a core set of recommendations to help boards better govern cybersecurity practices,” said Rudy Bakalov, vice president with Booz Allen’s Commercial Business.

Booz Allen has identified four dynamic risk tensions that arise when companies build their cybersecurity defenses: risk model, expertise, competition and cooperation, and board-CISO-management protocol.

The company has noted that the risk model is the most crucial tension within a company’s cybersecurity. The tension lies in the division between enterprise risk management and existential safety, and in the importance of cybersecurity.

The second tension the study has addressed is the distribution of expertise on boards and how directors evaluate the qualifications of cyber board members. The tension exists as boards decide how much expertise is necessary, how much authority should be delegated to cyber specialists, and whether it is reasonable to create a board technology or cybersecurity committee.

Elsewhere, the third dynamic tension that boards confront is finding the right balance between cooperation and competition with other enterprises when it comes to cybersecurity. The study has introduced the debate of whether or not companies and boards should compete or work together as a collective good when it comes to cybersecurity. The division between competitive assets and collective good creates two separate courses of action.

The fourth dynamic tension that boards navigate links to how the members choose to structure the oversight relationships on cyber as information systems flow between management and the board, which has created a divide between high touch and stable metrics.

Booz Allen has recommended that high touch supporters engage on security oversight with business units and other enterprise functions beyond the Security Operations Center, integrate quantitative and qualitative inputs in a consistent manner, deepen the relationship with the CISO through more frequent interaction, and create and defend protected spaces for management and employees to expose cybersecurity challenges.

Boards that utilize stable standard metrics should allow metrics to evolve, but choose a consistent framework for how they can support oversight. Additionally, boards should re-assess the impact of the metrics on a regular basis and supplement quantitative metrics with integrated qualitative aspects in a balanced model.

“While there is no one right answer or template for holistic cybersecurity, we hope these proposed actions will be a good starting point for boards of directors looking to strengthen their cybersecurity posture,” concluded Bakalov.

About Booz Allen Hamilton 

Booz Allen Hamilton Inc. is an American management and information technology consulting firm, headquartered in McLean, Virginia, with 80 other offices around the globe. The company’s stated core business is to provide consulting, analysis and engineering services to public and private sector organizations and nonprofits.
