CCE Theses and Dissertations
Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
2014
Document Type
Dissertation - NSU Access Only
Degree Name
Doctor of Philosophy in Information Systems (DISS)
Department
Graduate School of Computer and Information Sciences
Advisor
Marilyn K Littman
Committee Member
Ling Wang
Committee Member
Carol C Woody
Keywords
Advanced Persistent Threats, Cyber Espionage, Cyber Preparedness, Information Security, Risk Management, Security Engineering
Abstract
The protection of sensitive data and technologies is critical in preserving United States (U.S.) national security and minimizing economic losses. However, during a cyber attack, the operational capability to constrain the exfiltrations of sensitive data and technologies may not be available. A cyber preparedness methodology (CPM) can improve operational capability and cyber security. The CPM enables a corporation to (a) characterize cyber threats; (b) determine the level of preparedness necessary to ensure mission success; (c) facilitate strategic planning for cyber security (CS); and (d) establish priorities for CS investment planning and management decisions. The cyber preparedness framework (CPF) underlies the CPM. A corporation's leadership articulates its fundamental approach to risk management (RM) and mission assurance, and determines its target level of preparedness. Typically, corporations utilize the CPF to (a) characterize the caliber of the threat; (b) assess the technical and operational capabilities to counter the threat; and (c) develop the governance and processes necessary to achieve its cyber preparedness level.
The problem that was investigated in this case study was how to construct a CPF for Lockheed Martin (LM) that works in conjunction with a risk management process (RMP). The goal was to extend the CPF into an RMP to construct a risk management framework (RMF) paradigm that can aid similarly large-sized private sector U.S. Government (USG) contractors in implementing the CPM. In this investigation, the author identified the corporate (a) security categorization, (b) cyber threats, (c) cyber threat level, (d) cyber preparedness level, (e) capabilities the corporation should utilize to counter cyber threats, and (f) governance and processes necessary to achieve the cyber preparedness level for a large-sized private sector USG contractor. The results of this investigation were organized in terms of RMP phases. Based on the results, the author constructed an RMF paradigm that can aid similarly large-sized USG contractors in implementing a CPM.
NSUWorks Citation
Dawn Marie Beyer. 2014. Constructing a Cyber Preparedness Framework (CPF): The Lockheed Martin Case Study. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, Graduate School of Computer and Information Sciences. (90)
https://nsuworks.nova.edu/gscis_etd/90.