The Need for Systems Thinking in Cybersecurity
Ron Ross of NIST Discusses Moving Away From Stovepipe Thinking
In preparation for the relaunch of ISMG’s cybersecurity education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking to be hosted exclusively on CyberEd.io, discuss the need for reorienting toward systems thinking in cybersecurity.
"We live in a stovepipe today, and we have to get out of this stovepipe and get more into the systems development process, the systems engineering process, in order for us to solve these critical and difficult problems," Ross says.
He also discusses:
- How he entered the field of cybersecurity 32 years ago;
- Why people in cybersecurity get stuck in silos and how to get out of them;
- How to break away from a compliance mindset and use systems thinking to address cybersecurity concerns.
Ross specializes in information security, systems security engineering and risk management. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director of National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. In 2016, ISACA presented Ross with the prestigious Joseph J. Wasserman Award for his exceptional contributions to the cybersecurity community.