Architecting a secure enterprise with a systems-thinking approach

Lee, Samuel J.G.(Samuel Joo Guan)

Author(s)

Lee, Samuel J.G.(Samuel Joo Guan)

Download1119537436-MIT.pdf (29.94Mb)

Other Contributors

Massachusetts Institute of Technology. Engineering and Management Program.

System Design and Management Program.

Advisor

Donna H. Rhodels.

Terms of use

MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

On April 1, 2015, President Obama issued an executive order, declaring that the increasing prevalence and severity of malicious cyber-enabled activities constitute an unusual and extraordinary threat to the national security, foreign policy and economy of the United States. He declared a national emergency to deal with this threat and included $14 billion for Cyber Security spending in his 2016 budget. On a corporate level, based on a survey conducted in 2018, 27% of IT and Cyber Security professionals said that their biggest Cyber Security challenge is that business managers don't understand or support strong Cyber Security while 27% of respondents say their biggest Cyber Security challenge is the difficulty of managing the complexity of too many disconnected Cyber Security tools. (Oltsik, 2018) From these national and corporate challenges, an apparent Cyber Security challenge exists. The national challenge is further insinuated by two key issues.

First, the disconnect between business managers and security managers. Second, the complexity of too many disconnected Cyber Security tools faced at the corporate level. "In the past the man has been first; in the future the system must be first." (Taylor, 1919) As Frederick Winslow Taylor stated in his book, "Principles of Scientific Management, in the context of management, Taylor implied that developing great systems will yield greater benefits than developing great men. Similar, the author believe that the design of a cyber-security architecture should be approached with a system-thinking approach, where the sum of the system parts is greater than the parts itself, less so from an individual's perspective.

Taking this approach, the author aims to discuss the challenge in managing the evolving cyber threats, the external eco-system challenges faced by financial institutions, the differing stakeholders' needs raised to the cyber-security team, and how a systems-thinking cyber-security architecture will be more effective in dealing with threats and challenges arising from both externally and internally.

Description

Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019

Cataloged from PDF version of thesis.

Includes bibliographical references (pages 119-125).

Date issued

2019

URI

https://hdl.handle.net/1721.1/122249

Department

Massachusetts Institute of Technology. Engineering and Management Program

Publisher

Massachusetts Institute of Technology

Keywords

Engineering and Management Program., System Design and Management Program.

Collections

Graduate Theses