ABSTRACT
The Organizational Security knowledge area is arguably the highest level of concept among the CSEC cybersecurity functional areas and it is the one that is most broadly relevant. It is also probably the oldest of the CSEC areas in the sense that its best practices derive from old-fashioned organizational management principles. Essentially, Organizational Security ensures that the actual performance of the cybersecurity operation is both reliable and consistent. That typically involves the use of policies and standard operating procedures that explicitly dictate how each of the other seven CSEC knowledge areas interact, as well as the how each subset unit of management best practice interrelates.
In general, the Organizational Security knowledge area represents the governance aspect. An everyday Organizational Security governance framework is extremely important in the conduct of the cybersecurity function. That is because it embodies the planning and control aspects of conventional organizational management. These traditional business processes are important because the cybersecurity function does not operate in a vacuum. The big picture appreciation of organizational threat and the development of strategies to respond to those threats are the valuable contributions that Organizational Security brings to the party.
Thus, in this chapter, the reader will learn about the challenges that organizational threats represent in the overall cybersecurity ecosystem. The reader will understand the integrative function of the Organizational Security knowledge area as well as the importance of risk in the overall cybersecurity process. The reader will see the importance of security governance and policy in formulating a response, as well as how to apply analytical tools to cybersecurity operation. The reader will understand the critical importance of effective system administration and the methods and practices of cybersecurity planning. Finally, the reader will know how continuity, recovery, and incident management practice affects security. The reader will understand the relevance and practices of security program management as well as the critical importance and practical implementation of personnel security in the large-scale conduct of security operations.
