A second important aspect of business design and modeling for a cyber security strategy is the extension capability within the TOGAF metamodel and the extend feature of UML use cases. Both allow supplementary relationships to be built around the primary concepts and building blocks. This is very important because cyber security strategy development is unlike a normal business strategy. Yes, there are many common features, but because the threat and risk are complex and often unknown, the strategy has to be designed to adapt and evolve where the risk and threat are greatest. So engineering the right capabilities is crucial to ensure that people, process and technology coverage is sufficient.

A common mistake is to identify technologies up front, before it is clear what is required and how they need to operate. Generally this is the reason why, historically, a lot of SIEM or security technology deployments have been so problematic: a SIEM and other security technologies are selected before the right business and operational capabilities are in place to govern and manage them correctly. On top of that, many SIEMs have been deployed without the right due diligence and assessment of security controls or architecture and IT operations. If you don’t know the environment your SIEM is going to protect, then it is unlikely you will know the right data architecture and data collection needed.
Over the next few articles I will explore each stage of a cyber security strategy, beginning with the most important part – the threat and risk assessment. Know your enemy, their motives and why they are targeting your organisation, and at the same time get to know your organisation, its architecture and vulnerabilities. The as-is and current operating model is fundamental before you begin to define your targets.