Empowering organizations to confront cybersecurity challenges: a discussion with Trusted CI Framework architect Craig Jackson
By Gregory Moore
Cybersecurity professionals supporting research and higher education understand the value of having a common language with senior management. Published March 1, the Trusted CI Framework Implementation Guide for Research Cyberinfrastructure Operators provides such a common language, which can lead to mutual understanding, shared goals, and mutually agreed-upon action plans and resource allocations.
Join Craig Jackson, architect of the Trusted CI Framework, and Susan Sons, deputy director of ResearchSOC, as they discuss how to use the Framework to enhance relationships with key stakeholders while driving forward action to improve the overall cybersecurity posture of an organization.
Operationalizing the framework: getting management to understand cybersecurity
Thursday, March 25, 3pm EDT
Trusted CI set out to develop a framework that would empower organizations to confront their own cybersecurity challenges from a mission-oriented and full organizational lifecycle perspective. The Trusted CI Framework helps leaders establish and refine cybersecurity programs that work. Its straightforward structure focuses on foundational decisions about organizational mission alignment, governance, resources, and controls.
“You might think, ‘Oh, great, another framework?’” said Craig Jackson. “Or maybe you already understand the importance of governance from an organizational point of view and are ready to make cybersecurity part of that conversation. Our presentation and this Framework are for both audiences.”
“For cybersecurity practitioners and technologists, the Trusted CI Framework is useful for engaging leadership. It introduces a way of thinking about cybersecurity programs that does not ignore technology, but is designed to speak to the organization, including organizational leadership, and ensure that cybersecurity can work,” Jackson continued.
A lawyer by training, Jackson has a background in law, psychology, philosophy, and education. He has a JD and an MS in education. This background helped him architect the Trusted CI Framework from a perspective that is not primarily technological.
“There’s an aspect of that prior experience that has made me attuned to the non-technology parts of cybersecurity,” Jackson said. “The Trusted CI Framework is designed to be a very reasonable minimum standard for cybersecurity programs.”
“Everyone is managing risk all the time. You look at least one way before you cross the street, right? But many formal risk management frameworks are really challenging to infuse into organizational culture. We are trying to lighten the cognitive load. We developed the Trusted CI Framework because there is a reality gap between a lot of existing guidance and the realities of getting cybersecurity done effectively and efficiently.”
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email email@example.com.