Peer to Peer Magazine

Fall 2017

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/900970


Baldrige Cybersecurity Initiative: The Journey Toward Excellence in Information Security Management

Enter the Baldrige Cybersecurity Initiative, and a powerful new tool to address the dual challenge of identifying and measuring cybersecurity performance excellence and improving communications with senior stakeholders. Baldrige's self-assessment tool, the Cybersecurity Excellence Builder, Version 1.0 (BCEB), is the only freely available assessment methodology connected to Baldrige's internationally recognized framework for evaluating the quality and maturity of key business processes and their impact on results.

Greg Wie, Senior Security Officer for Maryland-based G2, Inc., and a key contributor to the BCEB, describes the concept behind the tool as one where "maturity and operational excellence go hand-in-hand." Says Wie, "An operationally excellent organization understands how to achieve its mission with efficiency, teamwork and effectiveness—and then achieves that goal. Maturity, in turn, is the application of processes that help achieve performance excellence, progressing from a random, ad hoc approach to one that is optimized."

Baldrige Cybersecurity Excellence Builder, Version 1.0

The Baldrige Performance Excellence Program, administered by the National Institute of Standards and Technology (NIST), emerged from legislation passed in the mid-eighties, prompted by an urgent national need to improve the quality of U.S. products and services in response to global competition. The Baldrige Program, named posthumously for former quality advocate and Secretary of Commerce Malcolm Baldrige, oversees the Presidential award for performance excellence.

The Baldrige Excellence Framework is the embodiment of the program's mission and purpose. It helps organizations of all sizes answer three questions essential to achieving goals, improving results and becoming more competitive: "Is your organization doing as well as it could? How do you know? What and how should your organization improve or change?"

The BCEB presents a deviation from the usually function-neutral Baldrige approach, as it singles out cybersecurity as a critical resource for organizations. The Cybersecurity Initiative followed NIST's publication of the Cybersecurity Framework (NIST CSF), which was itself set in motion by an Obama-era executive order that called for cybersecurity improvements for the nation's critical infrastructure. The NIST CSF received a presidential boost in May 2017 when the Trump administration issued an executive order that explicitly directs most federal agencies to use this document as the basis for their cybersecurity management programs. Together, the Baldrige Framework and CSF define the key principles, objectives and metrics of the BCEB.

Leadership: Understand how your leaders' actions guide and sustain your cybersecurity risk management.

Strategy: Create clear strategic priorities for your cybersecurity programs.

Organizational Context: Understand the business factors and organizational priorities underlying your cybersecurity risk management.

Workforce: Engage and empower your entire workforce to achieve your cybersecurity-related objectives.

Customers: Understand and exceed the cybersecurity-related requirements and expectations of your customers.

Measurement, Analysis, and Knowledge Management: Through measurement and analysis, align cybersecurity policies and operations with your objectives. Manage your organization's cybersecurity-related knowledge.

Operations: Design, manage, and improve your cybersecurity operations for effectiveness and efficiency.

Results: Use data and information to evaluate and improve cybersecurity-related policies and operations in alignment with your strategy.

* From Baldrige Performance Excellence Program. "Baldrige Cybersecurity Excellence Builder." 2017. National Institute of Standards and Technology.

[Figure: framework diagram with the labels Organizational Context; Leadership; Strategy; Customers; Workforce; Operations; Results; Integration; Measurement, Analysis, and Knowledge Management; Core Values and Concepts.]
