![Sample our Economics, Finance,Business & Industry journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5931/TOC-Subject-Sample-2021-Economics-Finance-Business-Industry.jpg"})
Abstract
In today’s digital dependent world, organizations struggle to mitigate a stealthy, well-resourced, and tenacious advanced persistent threat (APT) attacks by nefarious actors, organizations, and even nation-states with intent on gaining a foothold into an organization’s IT infrastructure. This onslaught of advanced attacks requires far more than baseline security practices. While most security professionals are APT-aware, many lack the experience, requisite skills, and the ability to integrate technology to counter APT attacks. The problem is exacerbated by a widening cybersecurity skills gap. Recent research by ISACA, the world’s largest information security professional association, reported more than 60% of applicants for entry level cybersecurity positions lack the skill and ability to perform the tasks associated with their potential new roles. Success against the APT is predicated on insight into APT attack stages and the integration of technology to enable organizational resilience; however, this is not possible in organizations do not have the workforce with the requisite knowledge, skills, and abilities to perform the technical tasks related to their functional roles. This article addresses a customized response strategy executed by a skilled workforce that mitigates and even counters attacks. The strategy recommends that a coordinated response based on organization risk management policies be implemented. In addition, it requires organizational insight into their information assets, control of administrator privileges, implementation of sound network segregation architecture, and a commitment to a balanced vulnerability management program. It is critical that a further discussion occur to outline skills acquisition based on skills-based training and performance-based assessments.
Additional information
Notes on contributors
Robin “Montana“ Williams
Robin “Montana” Williams, MA-IOP, CWDP, is ISACA’s Senior Manager, Cybersecurity Practices, Public Sector Business Development Executive, & Cyber Evangelist. He executes an intradepartmental cross functioning cybersecurity and risk management strategy to focus delivery of information security products globally, to include ISACA’s Cybersecurity Nexus program–the industry's first performance-based certification and professional development program. In addition, he was recalled by the White House staff to co-chair the Training and Certification Sub-Working Group for the National Initiative for Cybersecurity Education (NICE). Finally, he currently serves as an adjunct professor at California State University-San Bernardino. Prior, Mr. Williams served as Chief, Cybersecurity Education & Awareness Branch at the Department of Homeland Security & senior strategic advisor to the White House on the National Initiative for Cybersecurity Education (NICE), his team created the National Cybersecurity Workforce Framework, built the Federal Virtual Training Environment, developed the National Initiative for Cybersecurity Careers and Studies Portal, & led National Cybersecurity Awareness Month. He has over 25 years’ experience in military operations, intelligence, cybersecurity, & workforce development, including commanding the USAF Cyber Red Team. Currently a doctoral candidate in Industrial-Organizational Psychologist & Certified Workforce Development Professional, he is a globally recognized expert in cyber resiliency & human factors related to cybersecurity incidents. He can be reached at [email protected].