CCE Theses and Dissertations

Campus Access Only

All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.

Date of Award

2014

Document Type

Dissertation - NSU Access Only

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

Graduate School of Computer and Information Sciences

Advisor

Marilyn K Littman

Committee Member

Ling Wang

Committee Member

Carol C Woody

Keywords

Advanced Persistent Threats, Cyber Espionage, Cyber Preparedness, Information Security, Risk Management, Security Engineering

Abstract

The protection of sensitive data and technologies is critical in preserving United States (U.S.) national security and minimizing economic losses. However, during a cyber attack, the operational capability to constrain the exfiltrations of sensitive data and technologies may not be available. A cyber preparedness methodology (CPM) can improve operational capability and cyber security. The CPM enables a corporation to (a) characterize cyber threats; (b) determine the level of preparedness necessary to ensure mission success; (c) facilitate strategic planning for cyber security (CS); and (d) establish priorities for CS investment planning and management decisions. The cyber preparedness framework (CPF) underlies the CPM. A corporation's leadership articulates its fundamental approach to risk management (RM) and mission assurance, and determines its target level of preparedness. Typically, corporations utilize the CPF to (a) characterize the caliber of the threat; (b) assess the technical and operational capabilities to counter the threat; and (c) develop the governance and processes necessary to achieve its cyber preparedness level.

The problem that was investigated in this case study was how to construct a CPF for Lockheed Martin (LM) that works in conjunction with a risk management process (RMP). The goal was to extend the CPF into an RMP to construct a risk management framework (RMF) paradigm that can aid similarly large-sized private sector U.S. Government (USG) contractors in implementing the CPM. In this investigation, the author identified the corporate (a) security categorization, (b) cyber threats, (c) cyber threat level, (d) cyber preparedness level, (e) capabilities the corporation should utilize to counter cyber threats, and (f) governance and processes necessary to achieve the cyber preparedness level for a large-sized private sector USG contractor. The results of this investigation were organized in terms of RMP phases. Based on the results, the author constructed an RMF paradigm that can aid similarly large-sized USG contractors in implementing a CPM.

Download
To access this thesis/dissertation you must have a valid nova.edu OR mynsu.nova.edu email address and create an account for NSUWorks.

Free My Thesis

If you are the author of this work and would like to grant permission to make it openly accessible to all, please click the Free My Thesis button.

  Contact Author

Share

COinS