
Faculty Supervisor: Dr. Thomas Gallagher



Presentation on theme: "Faculty Supervisor: Dr. Thomas Gallagher"— Presentation transcript:

1 Adopting a Military Strategy for Small and Midsize Business Cybersecurity Incident Response
Sam Bartsch, Austin Martinez, and John Williams
May 2019
Faculty Supervisor: Dr. Thomas Gallagher

2 Introduction: Problem Statement
Problem Statement: Responding to cybersecurity data breach incidents is a significant concern for businesses of all sizes and industry sectors. Recovering from these incidents is particularly challenging for small- to medium-sized businesses (SMBs) because they have limited support staff and little institutional knowledge of incident response strategies.
Purpose: The purpose of this case study is to discover whether applying military strategy to cybersecurity incident response improves results for SMBs.

3 Introduction: Guiding Questions
Does a military strategy for cybersecurity incident response improve outcomes for SMBs?
If a military strategy is employed, does it follow Boyd's and/or Sun Tzu's decision-making framework?
If a military decision-making framework is in use, is it by design or by default?

4 Retrieved from https://icitech

5 Introduction: Definitions
Data Breach: A security breach is defined as unauthorized acquisition of data that compromises the security, confidentiality, or integrity of personal information maintained by us. Good faith acquisition of personal information by an employee or agent of our company for business purposes is not a breach, provided that the personal information is not used or subject to further unauthorized disclosure.
SMB: For the purpose of this study, we define a small business as one with 1 to 100 employees, and a medium business as one with 101 to employees. The second attribute that defines an SMB is annual revenue. A midsize enterprise is defined as an organization that makes more than $50 million, but less than $1 billion, in annual revenue.
Incident Response: The process of identifying, investigating, repairing, documenting, and adjusting procedures to prevent a subsequent incident.

6 Literature Review: SMBs
Retrieved from ConnectSLO_What-can-you-lose_Security_ v3

7 Retrieved from CompTIA Security+ Study Guide: SY0-501

8 Literature Review: Why a Military Approach?
Implementing a Military Approach

9 Literature Review: Boyd and Sun Tzu
John Boyd: developed the OODA Loop; was a United States Air Force pilot; inspired the Lightweight Fighter Program.
Sun Tzu: Chinese general; wrote "The Art of War"; influential military strategist.

10 Literature Review: Boyd's OODA Loop
(Slide shows a diagram of the OODA loop: Observe, Orient, Decide, Act; image not captured in the transcript.)

11 Literature Review: Synthesis
NIST step | Boyd's OODA | Sun Tzu
Preparation | Observe and Orient | Know your enemy
Identification | | Identify internal weaknesses
Containment | Decide and Act | Force the enemy to make decisions that favor you
Eradication | Act | Attack the enemy where they least expect
Recovery | | Learn from created opportunities
Reflection | |

12 Method: Securely Obtaining the Data
All Personally Identifiable Information removed
One copy sealed by the Security Officer
Delivered to the Department Head for use in our project
Available for one predetermined time frame for our use
Returned to the Security Officer for physical destruction

13 Preliminary Findings
Actions in all 3 case studies were easily categorized into one of the 6 NIST steps.
All 3 SMBs remained, or became, clients of the MSP from which we obtained the case studies.
1 of our 3 case studies involved a malicious network intrusion, while the remaining two were incidents in which data was compromised by internal actions and hardware failure.
OODA was easily observed in all cases, though this was not by intent, showing the validity of applying the OODA framework to cybersecurity.

14 Preliminary Conclusions
Our research led us to mentions of the OODA loop being used as a framework for cybersecurity.
We traced the OODA loop to its origins in the writings of John Boyd.
Comparisons were made between the approaches of Sun Tzu, John Boyd, and cybersecurity industry leaders (NIST, SANS).
Through case studies we were able to determine that the OODA framework is applicable and effective in cybersecurity incident response, because incident response requires rapid action as well as careful thought and planning.

15 Guiding Questions
Does a military strategy for cybersecurity incident response improve outcomes for SMBs?
If a military strategy is employed, does it follow Boyd's and/or Sun Tzu's decision-making framework?
If a military decision-making framework is in use, is it by design or by default?
