The Cyber Prep Framework Analysis

Summary This article describes and examines four cyber security anti-patterns that result in poor security practices and weaknesses in organizations. As cyber-attacks become routine, investigating these themes will benefit from a strong security posture, reduce losses of intellectual property, increase customer confidence, and potential cost avoidance for affected organizations. Accordingly, the “novel contribution of this article is to offer a holistic treatment of security failures, covering the psychological, technical, and organizational aspects of cyber security.” (Julisch, 2013) One of the anti-patterns is an overreliance on intuition and past experience caused when prioritizing security investments and not knowing “the probability of cyber attacks, the effectiveness of existing countermeasures in defending against these attacks, and the impact or cost of attacks.” (Julisch, 2013) So, the trend is to be bias that future threats will not emerge, security breaches will happen to other people, risks will not occur if didn’t transpire in the past, and “confirmation bias” to ignore indicator that goes against their predetermined ideas and thoughts. Although there are no standard approaches to eliminate the bias, collecting comprehensive data should be the first step. Followed by …show more content…
“The Cyber Prep framework defines five levels of organizational preparedness, characterized in terms of (a) the organization’s perspective on, and/or assumptions about, the threat it faces (adversary characteristics and representative threat scenarios), (b) the organization’s overall strategy for addressing the cyber threat, in the context of its ICT infrastructure and business processes, and (c) the organization’s approach to cyber security governance.” (Bodeau, Fabius-Greene, Graubart,