Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Departments, Schools and Academic Groups Publications
  • Acquisition Research Program
  • Acquisition Research Symposium
  • View Item
  •   Calhoun Home
  • Departments, Schools and Academic Groups Publications
  • Acquisition Research Program
  • Acquisition Research Symposium
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

Lessons Learned in Building and Implementing an Effective Cybersecurity Strategy

Thumbnail
Download
IconSYM-AM-21-057.pdf (426.7Kb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Woody, Carol
Creel, Rita
Date
2021-05-10
Metadata
Show full item record
Abstract
Today's missions rely on highly integrated and complex technology that must be protected from a wide range of adversaries in a very dynamic and contested cyber environment. The predominant response to the growing, shifting cyber threat has been to apply cyber hygiene best practices and focus on satisfying compliance mandates for an authority to operate. While necessary, these steps alone are not sufficient, given the pace of technology change and the increasing abilities of our adversaries. For organizations developing or acquiring complex, software-enabled technologies, a cybersecurity strategy provides a critical set of guidelines that enable intelligent, risk-based decisions throughout the life cycle. The strategy identifies planning, design, monitoring, and enforcement considerations for integrating cybersecurity into all products, processes, and resources. As such, it defines expectations for how the individual technology components, their assembled configurations, and their interactions will meet the security requirements of a mission. Effective cybersecurity requires the application of engineering rigor to the process of defining security requirements in the context of other system imperatives. Cybersecurity engineering is a discipline focused on analyzing and managing mission and system cyber risk and trade-offs across the life cycle. Cybersecurity engineers evaluate interactions, dependencies, and system response to attacks. They identify security practices and mechanisms that need coordination across the life cycle, spanning components, people, processes, and tools. They prepare the technology to handle the operational environment where it will ultimately reside. In this paper, we introduce the purpose of a cybersecurity strategy and describe the role of cybersecurity engineering in implementing it. We identify six key cybersecurity engineering activities and share observations on how these activities can be used to address the challenges acquisition programs face as they work to improve cybersecurity under resource and time constraints.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
URI
http://hdl.handle.net/10945/68120
NPS Report Number
SYM-AM-21-057
Collections
  • Acquisition Research Symposium

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    Lessons Learned in Building and Implementing an Effective Cybersecurity Strategy [video] 

    Woody, Carol; Creel, Rita (Monterey, California. Naval Postgraduate School, 2021-05-20); SYM-AM-21-220; SYM-AM-21-145
    Today's missions rely on highly integrated and complex technology that must be protected from a wide range of adversaries in a very dynamic and contested cyber environment. The predominant response to the growing, shifting ...
  • Thumbnail

    UNMANNED AERIAL SYSTEM RISK MANAGEMENT DECISION MATRIX 

    Daponte, Aaron M.; Maguire, Gregory A.; Roldan, Calvin J. (Monterey, CA; Naval Postgraduate School, 2020-06);
    The Department of Defense (DOD) lacks a suitable method for identifying and managing the cybersecurity risks associated with commercial off-the-shelf (COTS) unmanned aerial system (UAS) use. With no method in place to ...
  • Thumbnail

    Acquisition Cybersecurity Management Framework 

    Maule, Randy William (Monterey, California. Naval Postgraduate School, 2019-04-30); SYM-AM-19-037
    Current organizational structures have proven insufficient for cyber and information assurance. The acquisition role may be resourced and expanded to support information assurance and systems compliance. A supply chain ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.