Software Engineering Institute | Carnegie Mellon University

Technical Report

Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution

  • Abstract

    Although efforts are underway through Information Security Continuous Monitoring initiatives to improve situational awareness and risk mitigation at the operational level, the federal government must make better enterprise-level cybersecurity decisions in the shortest time possible. This report outlines an approach called Data Driven Cybersecurity Governance Decision Making. This approach leverages the Observe, Orient, Decide, Act (OODA) loop used by the U.S. Department of Defense to enable decision makers at the strategic levels of government to best set the conditions for success at the point of execution. To best target the unique considerations of enterprise decision makers, this report discusses the difference between cybersecurity governance and cybersecurity operations. Within this context, it describes best practices in collecting and analyzing authoritative data present in the federal space to develop a level of situational awareness tailored to decision makers’ needs in a cybersecurity governance scorecard. Cybersecurity governance decision makers can leverage this enhanced situational awareness to support a data-driven decision-making process that targets root causes of the problems facing the federal government enterprise. Finally, the report discusses key considerations to ensure success at the point of execution based on work performed in the Observe, Orient, and Decide phases of the OODA loop.

Cite This Report

SEI

Gray, Douglas; Wisniewski, Brian; Allen, Julia; Cois, Constantine; Connell, Anne; Ebel, Erik; Gulley, William; Riley, Michael; Stoddard, Robert; & Vaughn, Marie. Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution. CMU/SEI-2015-TR-011. Software Engineering Institute, Carnegie Mellon University. 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952

IEEE

D. Gray, B. Wisniewski, J. Allen, C. Cois, A. Connell, E. Ebel, W. Gulley, M. Riley, R. Stoddard, and M. Vaughn, "Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2015-TR-011, 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952

APA

Gray, Douglas., Wisniewski, Brian., Allen, Julia., Cois, Constantine., Connell, Anne., Ebel, Erik., Gulley, William., Riley, Michael., Stoddard, Robert., & Vaughn, Marie. (2015). Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution (CMU/SEI-2015-TR-011). Retrieved June 25, 2018, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952

CHI

Douglas Gray, Brian Wisniewski, Julia Allen, Constantine Cois, Anne Connell, Erik Ebel, William Gulley, Michael Riley, Robert Stoddard, & Marie Vaughn. Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution (CMU/SEI-2015-TR-011). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952

MLA

Gray, Douglas., Wisniewski, Brian., Allen, Julia., Cois, Constantine., Connell, Anne., Ebel, Erik., Gulley, William., Riley, Michael., Stoddard, Robert., & Vaughn, Marie. 2015. Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution (Technical Report CMU/SEI-2015-TR-011). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952

BibTeX

@techreport{GrayImprovingFederal2015,
title={Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution},
author={Douglas Gray and Brian Wisniewski and Julia Allen and Constantine Cois and Anne Connell and Erik Ebel and William Gulley and Michael Riley and Robert Stoddard and Marie Vaughn},
year={2015},
number={CMU/SEI-2015-TR-011},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=444952} }