
The Need for Systems Thinking in Cybersecurity

Ron Ross of NIST Discusses Moving Away From Stovepipe Thinking
Brian Barnier, ValueBridge Advisors (left) and Ron Ross, National Institute of Standards and Technology

In preparation for the relaunch of ISMG’s cybersecurity education platform, CyberEd.io, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking to be hosted exclusively on CyberEd.io, discuss the need for reorienting toward systems thinking in cybersecurity.


"We live in a stovepipe today, and we have to get out of this stovepipe and get more into the systems development process, the systems engineering process, in order for us to solve these critical and difficult problems," Ross says.

He also discusses:

  • How he entered the field of cybersecurity 32 years ago;
  • Why people in cybersecurity get stuck in silos and how to get out of them;
  • How to break away from a compliance mindset and use systems thinking to address cybersecurity concerns.

Ross specializes in information security, systems security engineering and risk management. He leads NIST's Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director of National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. In 2016, ISACA presented Ross with the prestigious Joseph J. Wasserman award for his exceptional contributions to the cybersecurity community.


About the Author

Brian Barnier


Director of Analytics, ValueBridge Advisors

Barnier is the director of analytics at ValueBridge Advisors. He is also professor of operations finance and economics at the graduate level across several U.S. universities. He has been a guest lecturer in Russia and Mexico and served on the faculty of the Wharton/MBA Stonier Graduate School of Banking. Prior to ValueBridge Advisors, he led teams to nine U.S. patents in technology with AT&T, Nokia and IBM. In 2021, Barnier earned the coveted Joseph J. Wasserman award presented by ISACA for outstanding achievement in information technology risk, governance and security.



