Architecting a secure enterprise with a systems-thinking approach
Author(s)
Lee, Samuel J.G. (Samuel Joo Guan)
Other Contributors
Massachusetts Institute of Technology. Engineering and Management Program.
System Design and Management Program.
Advisor
Donna H. Rhodes.
Abstract
On April 1, 2015, President Obama issued an executive order declaring that the increasing prevalence and severity of malicious cyber-enabled activities constitute an unusual and extraordinary threat to the national security, foreign policy and economy of the United States. He declared a national emergency to deal with this threat and included $14 billion for Cyber Security spending in his 2016 budget. On a corporate level, based on a survey conducted in 2018, 27% of IT and Cyber Security professionals said that their biggest Cyber Security challenge is that business managers don't understand or support strong Cyber Security, while 27% of respondents said their biggest Cyber Security challenge is the difficulty of managing the complexity of too many disconnected Cyber Security tools (Oltsik, 2018). These national and corporate challenges point to an apparent Cyber Security challenge. The national challenge is further reflected in two key issues: first, the disconnect between business managers and security managers; second, the complexity of too many disconnected Cyber Security tools faced at the corporate level. "In the past the man has been first; in the future the system must be first." (Taylor, 1919) In his book "Principles of Scientific Management", Frederick Winslow Taylor implied that, in the context of management, developing great systems will yield greater benefits than developing great men. Similarly, the author believes that the design of a cyber-security architecture should be approached with a systems-thinking approach, where the sum of the system's parts is greater than the parts themselves, and less so from an individual's perspective.
Taking this approach, the author aims to discuss the challenge of managing evolving cyber threats, the external ecosystem challenges faced by financial institutions, the differing stakeholders' needs raised to the cyber-security team, and how a systems-thinking cyber-security architecture will be more effective in dealing with threats and challenges arising both externally and internally.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019. Cataloged from PDF version of thesis. Includes bibliographical references (pages 119-125).
Date issued
2019
Department
Massachusetts Institute of Technology. Engineering and Management Program
Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program., System Design and Management Program.