The concept of a cyber common operating picture (COP) is changing the game of information security. Now an “industry best practice” in the Federal government and industry, implementing a cyber COP marks a shift from the traditional “snapshot in time” assessment process to assessing and monitoring networks, systems, threats, and controls in “near real-time”. This fresh approach to information security is focused on maintaining situational awareness of enterprise-wide information security controls and threats based on key effectiveness measures, and on presenting and scoring those measures in a way that drives individuals to change their behavior: to focus more on managing risk based on impact to the mission.
The success of MI:COP centers on the aggregation of disparate data feeds and the presentation of that data in one intuitive user interface. It is configured to receive inputs from the cybersecurity tools that an organization already has in place, collect the most useful information from each tool, and translate that data into a dashboard that tracks custom metrics defined by the organization to best monitor its security posture.
To further assist with maintaining enterprise-wide situational awareness, the MI:COP dashboards are built on a multi-tiered system where each tier corresponds to a different level of the organizational structure. From the tier-1 Enterprise-Wide Executive Dashboard, users can see a broad view of the organization's risk profile. On tier-3 dashboards, users can see details of specific security trends for particular business units within the organization.
The development of a MI:COP solution involves a customization process meant to tailor the solution to the specific needs of each organization. First, we conduct a business impact assessment (BIA) to identify the critical business functions of your organization, as well as develop an understanding of how specific IT assets support those functions. Based on the results, we determine the key effectiveness measures that best suit your mission and aggregate the data feeds necessary for monitoring those measures.
Once all the expected data feeds are captured in a central database, customized algorithms (or scripts) will need to be developed to query (and organize) the dataset. These algorithms (combined with the actual database design) are where the “secret sauce” of the COP program resides. How the data feeds are organized, parsed, or prioritized is based on the design of the queries. Ultimately, the right custom queries will enable access to actionable data and improved risk decision-making.
Once the dashboard is up and running and the MI:COP solution is operational, it needs to be continuously managed and tweaked to evolve with your organization. As new IT systems, business processes, and organizational priorities arise, the different components of the MI:COP solution architecture (e.g., metrics, tools, analytics/data queries) are adjusted to suit your changing needs.