Cybersecurity Management Program

Abstract: The typical cybersecurity plan for an organization divides the security problem into two categories: the human problem and the technology problem. The human problem deals with educating the employees on things like spear phishing attacks, building of a cybersecurity culture, and communicating across an organization. Cisco offers an interesting addition to this standard division. Cisco breaks the task of cybersecurity management into three pillars: executive management (strategy), operations, and technology (tactical). The executive management pillar drives the cybersecurity plan from the top level of the organization. The technology pillar is the standard technology solution: keeping software patched and such. The operations pillar encapsulates everything needed to actually implement a cybersecurity plan. These three pillars can be thought of as the people, the process, and the technology; the why, the what, and the how. Keywords: cybersecurity management, cybersecurity operations