Cybersecurity is one of the most critical and fast-changing issues of our time, yet today, the field is essentially a specialization across a range of disciplines. While individual cybersecurity stakeholders have frequent informal interactions, the scale and transgressive nature of today’s cyber threats demand deliberate, collaborative, and complete solutions across disciplines. However, because it is a field of specializations, there are natural impediments to cybersecurity collaboration that often cause us to underestimate the scope of the challenges associated with cyber attacks and overlook potential solutions.
The NextWare Cyber Collaboration Toolkit is designed to be used by stakeholders from any discipline with the intention that cybersecurity practitioners will continuously enhance and improve it over time. The Toolkit offers users a set of prototype tools designed to overcome natural impediments to collaboration by improving organizational understanding of the cyber landscape and identifying areas in which collaborative partnerships will build better cybersecurity solutions. Establishing clear channels of communication, effective methods for collaboration, and a common understanding of cyber threats among disparate groups will help generate more actionable solutions to endemic cybersecurity challenges.
USERS, USE CASES, & GOALS
This prototype toolkit is designed for those who face endemic cybersecurity challenges and need to bring multi-disciplinary stakeholders together to collaboratively address these challenges from technical, policy, legal, or organizational standpoints.
- A CISO looking to collaborate with stakeholders outside the technical team
- A Head of Legal Liability aiming to reduce cybersecurity risks
- A policymaker looking to develop alliances across agencies and/or with stakeholders outside of government
This toolkit is intended for use when addressing ongoing cybersecurity challenges that include demanding non-technical considerations and require collective, interdisciplinary action, including situations that drive the user to:
- Proactively identify and address cybersecurity challenges before an event occurs.
Example: A retail company, witnessing attacks on others in its industry, recognizes the need to prepare for a potential breach of its own.
- Address an ongoing series of attacks or events.
Example: A bank is constantly under attack and recognizes the need for a broader, more inclusive approach to its cybersecurity.
- Address issues that concern an entire industry or sector.
Example: A government agency is concerned with the cybersecurity of public utilities and looks to build a coalition to address specific threats.
The prototype toolkit is not intended to support immediate responses to a cybersecurity incident. Rather, it is designed to help users better understand the nature of their cybersecurity challenges and orient a broader team toward potential solutions. It does not offer specific solutions but will provide users with the resources to define their problem space and convene a team of experts to identify technical, policy, legal, or organizational solutions.
Example: The Chief Financial Officer at a major corporation is aware they have been hit by a series of low-level cyber attacks and is under pressure to address the corporation’s vulnerabilities. Before seeking out assistance from a cybersecurity firm or the federal government, the CFO looks to improve her understanding of the risk posed by this type of threat, existing mitigation efforts, who can help provide a solution within and/or without the organization, and the most effective way to move forward. Using the toolkit, the CFO is able to convene the right group of stakeholders within and external to her corporation to identify, prioritize, and address the corporation’s vulnerability to cyber threats.