By Bob Gourley
The Intelligence and National Security Alliance (INSA) is a virtuous firm I have personally volunteered with for almost a decade. I believe in the value they add to the discourse on matters of national security importance and also in cyber security issues.
Please see the press release below and also download their latest white paper.
Strategic Cyber Intelligence is Essential to Business Security
INSA white paper addresses need for cyber intelligence strategy assessment
ARLINGTON, VA (March 27, 2014) – The Intelligence and National Security Alliance (INSA) today released the Cyber Council’s Cyber Intelligence Task Force white paper, “Strategic Cyber Intelligence.” While much attention has been directed towards the tactical, on-the-network cyber domain, this paper highlights the need for more resources to be focused on strategic information requirements and planning, and concentrates on organizations’ accurate, strategic cyber intelligence assessment processes. The second in the series, it follows the Task Force’s white paper released in fall 2013, “The Operational Levels of Cyber Intelligence,” which provided an overview of the three levels of cyber intelligence: strategic, operational and tactical.
INSA President Ambassador Joseph DeTrani said, “This white paper focuses on the importance of the strategy behind organizations’ cyber intelligence planning whether they be in the public, private or academic sectors. The fundamental purpose of this paper is to promote thought and dialogue on the importance of cyber intelligence, specifically strategic cyber intelligence, to senior leaders’ risk-informed decision making. This will ultimately lead to improved strategy, policy, architecture, and investment to better protect an organization’s mission and assets.”
The Cyber Intelligence Task Force’s white paper addresses the:
- Nexus between strategic cyber intelligence and risk management in relation to strategic cyber intelligence with respect to both consumer and producer roles and responsibilities;
- Role of strategic cyber intelligence analysis in the context of the National Institute of Standards and Technology (NIST) risk assessment methods: vulnerability-based, threat-based and impact-based; and
- Inextricable linkage between the development of intelligence and information sharing.
“Strategic cyber intelligence offers senior leaders of an organization an accurate assessment of how to direct and plan for cyber-related expenses, while keeping them in line with the organization’s risk heuristic. By defining cyber intelligence requirements, based on critical programs and assets, organizations can strategically plan to best protect their business from cyber threat,” said INSA Cyber Intelligence Task Force Co-Chair John Felker.
For an organization to achieve the ultimate goal of establishing strategic cyber intelligence to reduce risk to its critical mission and assets, it must develop and maintain, through the leadership of senior decision-makers, information requirements that orient the intelligence resources to the enterprise’s mission and business needs. The INSA white paper maintains that leveraging Strategic Cyber Intelligence to address strategic information requirements allows an organization to:
- Effectively assess, quantify and explain business risk to senior management and key stakeholders;
- Collaborate in a more meaningful manner with the Intelligence Community, defense organizations, members of law enforcement and the information security community on interests at large;
- Demonstrate an appropriate standard of diligence to regulators, auditors and stakeholders;
- Reduce exposure of the business to regulatory or legal sanctions; and
- Establish responsible security resource expenditure by protecting both what is important to the organization and what is most relevant to the threat.
For more information about INSA or to view the INSA Cyber Council’s Cyber Intelligence Task Force white paper, “Strategic Cyber Intelligence,” and other INSA white papers, please visit www.insaonline.org.
The Intelligence and National Security Alliance (INSA) is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions. As a non-profit, non-partisan, public-private organization, INSA’s ultimate goal is to promote and recognize the highest standards within the national security and intelligence communities. INSA has 150 corporate members and several hundred individual members who are leaders and senior executives throughout government, the private sector and academia. To learn more about INSA visit www.insaonline.org.