A Moving Target
Blame it on Apple.
“The factor in the market that’s changed the way C-level officers think
about [mobile security] is the iPhone,” says Al Potter, senior consulting
analyst with ICSA Labs, an organization involved in research, intelligence
and certification testing of products. The iPhone, with its ability to access
the Internet and download applications, has raised users’ expectations for
wireless devices. It has also complicated the job of information security
professionals and raised awareness of how vulnerable mobile computing
devices can be.
As these devices get smaller, more powerful and more ubiquitous,
information security strategies must adapt. In the long term, the mobility
imperative may force a refocusing by security professionals in their
Illustration by Pete McArthur / Veer
team awareness, stability
and performance.
By Scott Holbrook
Illustration by Veer

Team leadership is challenging, even on a good day with a great group. Leaders are constantly scanning the horizon for strategic input, working to increase customer satisfaction, dealing with operational constraints and handling day-to-day personnel issues. Add in an underperforming team and you have a recipe for frustration that, left unaddressed, becomes a ticking time bomb for everyone involved.

Teams often sabotage their own success by creating artificial boundaries to include their strengths and exclude their weaknesses. This hinders success and often results in a growing chasm between the organization’s goals and the team’s ability to execute.

The Team Scenario

Teams are a unique mix of players with various talents, including overachievers, underachievers, extroverts, introverts, thinkers and doers. Often leaders have a favorite team, one that overcame all odds to create excellence in spite of seemingly insurmountable obstacles. These groups likely exhibited team intelligence, and created team awareness as individual members learned each other’s strengths and developed strategies for success.

In this era of globalization and geographically disparate teams, leaders are no longer afforded the luxury of creating the perfect team from a blank roster. How can they move their teams up the performance ladder? How can they inspire sustained excellence? By nurturing individuals, developing an environment of trust and communication, and enabling team intelligence.

Defining Team Intelligence

Team intelligence is an extension of the concept of emotional intelligence, largely accredited to Daniel Goleman (danielgoleman.info/blog), who has authored several books on the topic, including The Emotionally Intelligent Workplace. There are four major components of emotional intelligence:

Self-awareness: being conscious of, and understanding, your emotions
Self-management: controlling your emotions and impulses in a variety of situations
Social awareness: being conscious of, and understanding, how emotions affect others
Relationship management: creating and maintaining relationships across a spectrum of social levels; the ability to motivate others even in challenging situations.

Effective leaders begin at the individual level and foster team awareness. This process includes an honest internal assessment of the team’s capabilities by the individuals themselves, as well as an external customer’s assessment of the same capabilities. Combined with a team-specific focus inventory, a plan of action and built-in reviews, even underperforming teams can achieve growth and move toward sustained excellence.

Start State

First, assess the team’s current strengths and weaknesses. Does the team need to develop its communication skills? Does it need to hone its visioning skills? Is the team effective at customer service? Does it have a high level of trust?

Next, discuss the overall strategy for improvement. A focus inventory should be introduced as one of several performance enhancement tools, part of a larger framework for continuous improvement. The focus inventory is a set of skills selected by the team leader indicating the key attributes of a highly performing team. While the inventory can change based on industry, there are certain core skills that should be included, such as communication, teamwork and accountability. It might contain from five to 15 skill areas; the team should select its primary areas of improvement based on the three or four lowest-scoring team skills.

The next step begins with individual, closed-door interviews with each team member. To gather accurate data, create an atmosphere of trust and convey to each person that the focus inventory data is being considered from a team roll-up context. Ask them to rate each focus area on a scale of one to five based on how the team performs in that area. This changes the framework from self-assessment to team assessment. And keeping the rating scale small forces members to carefully consider their choices.

Transition Phase

Once the data has been collected, review it for patterns of strength and weakness. Consider some supporting tools to prepare for a team discussion of the focus inventory results.

Perhaps the best tool to enhance team communications and awareness is the Myers-Briggs Type Indicator (MBTI) assessment. It reveals personal preferences in four quadrants: introversion/extraversion; sensing/intuition; thinking/feeling; and judgment/perception. The assessment is taken individually, and indicates each team member’s predilection for interacting with others and the world around them. There are several MBTI assessment questionnaires available online.

The MBTI results can be displayed on a 4x4 grid with the type descriptor. In each block, place the names of the team members whose assessment matches the MBTI type. This provides a unique view of the team, and can be used to help members understand and better communicate with each other.

Growth Phase

During the growth phase, the team evolves from individuals to a cohesive unit. This phase includes the ongoing reinforcement of team awareness, and the creation and validation of the team’s vision and goals.

Allow time to create a team vision; getting the group to agree is usually a lengthy and sometimes painful process. Team buy-in to the vision is an essential part of enabling team intelligence. Once the team has developed its vision, make it a stated part of daily life. For example, begin each meeting with the vision statement: Make it rote, and make sure the team is aligned around its meaning.

Review and Feedback Cycles

Periodic reviews are a key component to keep the team moving in the same direction. Determine early in the development cycle how often and what types of feedback will be provided. One way to gather feedback is to use Post-it® assessments. Here, each team member is given a Post-it pad and asked to write answers to specific questions, such as “Where are we succeeding?” and “Where can we improve?” Separate the answers into related groups on a whiteboard; brainstorm ways to celebrate success and cultivate ideas to stimulate progress in areas where the team has stalled. This approach creates team alignment and generates momentum.

Now it’s time to turn the team’s intelligence toward solving the customer’s biggest problems—those that the team could never have surmounted before the intelligence cycle. The team is now prepared to assess customer needs and apply its newly developed communication and visioning skills to effectively partner with the customer.

Reflection

Team intelligence is a cyclical process and should begin and end with reflection on the team’s performance. Once the team has completed its first evolution of the intelligence cycle, reassess the team goals, revise the focus inventory, determine next steps and restart the cycle with new growth targets. The focus inventory is a useful tool for defining core skills, and when combined with a plan of action and a team commitment to improve, it can serve as a baseline of common understanding.

Identifying strengths and weaknesses alone does not constitute team intelligence but represents the first step on the path toward maximizing team performance. Developing team intelligence takes work, commitment and time on the part of the leader as well as the team. It’s important to set realistic goals and allow enough time for changes to yield results.

Scott C. Holbrook, PMP, CISSP, is the manager of Information Security and Disaster Recovery for CaridianBCT, a global medical device manufacturing company. He is based in Colorado.
info war

hysteria. Cybersecurity experts offer two words of advice:

sions; and data theft.

Growing Capabilities

Ultimately, when it comes to security concerns, the “who” is less important
lems, information security professionals may be ignoring a few significant trees. In the (ISC)² 2008 Global Information Security Workforce Study, almost half (48 percent) of (ISC)² members say they are mildly or not at all concerned about the security threat posed by terrorists, and 38 percent say the same thing about organized crime.

“It really is a matter of semantics,” says Andre DiMino, co-founder and director of the Shadowserver Foundation, a self-funded, non-profit

botnet activity and electronic fraud. DiMino points out that one of the most important elements of information warfare is the botnet. Botnets are worldwide networks of compromised computers; those computers currently number in the millions—and that figure is growing (see “Battling Botnets,” InfoSecurity Professional, Autumn 2008). “The use of a computer in a targeted attack—that’s my definition of cyber warfare,” says DiMino.

Your organization may have already been the

ist organizations, according to watchdog groups. At the same time, certain nation states are interested in obtaining the intellectual property of companies to exploit the technical advances and competitive advantages represented by patented processes and copyrighted algorithms. Internet addresses in China, for example, have been linked to network intrusions in the U.S., including a well-publicized break-in last year into non-military networks at the Pentagon.

So, while most companies aren’t likely to suffer coordinated, intense electronic bombardment, information security

business deals—that is, the real value of companies,” Schwartau says. It can be perpetrated by outsiders through network intrusions, but also by insiders. That’s why it’s important for information security professionals to work closely with their human resource departments to screen applicants for critical IT positions, including H-1B workers.

Schwartau says it has become increasingly important that all areas of security—HR, cyber security and physical security—are integrated as closely as possible. An example is a disgruntled ex-employee, “the insider that becomes an outsider,” as he puts it. To address that scenario, “part of the HR process should be irrecoverable revocation of all assets,” Schwartau says—including, perhaps especially, electronic assets.

In the U.S., Class 3 info warfare will increasingly involve private companies because they own and operate most of the critical infrastructure used by government and military operations, such as the telecom network or the electric grid. Experts are divided on just how vulnerable that infrastructure is, and how aggressively it’s being probed. There is still speculation that the 2002 power outage on the East Coast resulted from probing of the SCADA systems. While that speculation flirts with hysteria, the lesson is: Be prepared. “If you have a critical system on the Internet, chances are it’s going to be knocked,” says Shadowserver’s DiMino.

“Is [info warfare] going to get nastier? Yes, it’s going to get nastier.”
Winn Schwartau, security consultant and author

An important element to consider is the global supply chain. Andrew Colarik, an information security consultant and cybersecurity expert, says information security professionals must factor the possibility of regional information warfare conflicts, like those in Estonia and Georgia, into their business continuity plans. That means having alternatives ready, in terms of logistics and resources, if Internet access to supply chain partners is interrupted.

O. Sami Saydjari, president of the security consulting and research firm Cyber Defense Agency and a former cybersecurity expert with the National Security Agency, says most organizations aren’t taking the cyber warfare threat seriously enough, and one area he points to is outsourcing. Because software coding and maintenance is often sent to other countries, information security professionals have to be aware of the possibility of “contamination in our corporate infrastructure,” or applications that “come back with Trojan horses and back doors that can be exploited later on,” he says.

It’s a sensitive issue politically, but a risk that shouldn’t be ignored. “In a global environment, they’re going to have to put software quality assurance controls in place” to deal with that risk, Saydjari says.

Cyber Consequences

Cybersecurity experts say DoS attacks—or the threat of them—are used to try to blackmail organizations. They’re also used by criminal organizations to demonstrate prowess. Shadowserver’s DiMino recommends analyzing network infrastructure for the load balancing and redundancy needed to withstand a sustained DoS attack. “We see many sites that don’t have that design built in,” he says.

On a professional level, those involved in information security, particularly those who work at critical infrastructure organizations, need “more training in the aspect of how to deal with a crisis,” says John Bumgarner, CTO and research director for security technology for the U.S. Cyber Consequences Unit, a non-profit research organization funded by the Department of Homeland Security and other government agencies. This unit advises “the highest levels of government” on cybersecurity issues, Bumgarner says.

Information security professionals “usually respond to events that have already occurred,” he says. The Georgian and Estonian incidents demonstrate that security professionals might benefit from training in how to respond while an attack is taking place. “A lot of agencies do not train that way, do not train for aggressive response,” Bumgarner says.

Various types of info warfare resources are available. The Estonian Ministry of Defence recently posted a document titled “Cyber Security Strategy” on its Website (mod.gov.ee) that calls for, among other things, “the development and implementation of international cyber security policies.”

The U.S. Cyber Consequences Unit offers a cybersecurity checklist intended to provide “a comprehensive survey of the steps that corporations and other organizations should take to reduce their vulnerability to cyber attacks.” The checklist contains 478 questions grouped into six categories: hardware, software, networks, automation, humans and suppliers. It is “a baseline where we think organizations should be,” Bumgarner says. He urges information security professionals to examine the checklist and offer their input. “It’s not something created in a vacuum,” he says. “We welcome any comments on it.”

Schwartau says information security professionals must convince upper management that the threat of information warfare is real. That’s because it’s not just the security person’s problem. “Too often the info sec guys get laden with things they shouldn’t,” he says. For instance, are the costs involved in implementing better power backup systems worth more than a potential data loss? “That’s a business decision, not a technical decision,” Schwartau says.

On the other hand, the threat of information warfare indicates how critical cybersecurity issues are in the Internet age. “There should be an info sec signoff on any major corporate decision,” says Schwartau.

Finally, the most important lesson of the Georgian attacks may lie in how they compare to the Estonian attacks: While the Estonian attacks were simplistic and scattershot, the Georgian attacks were targeted. The level of sophistication “jumped from ground zero to three,” says Bumgarner. “An information security professional should worry about this.”

Schwartau is more blunt. “Is it going to get nastier?” he asks. “Yes, it’s going to get nastier.”

John Soat is a freelance business and technology journalist based in Cleveland, Ohio, USA.