With the proliferation of new technologies and the cyber risks that come with them, business leaders need strategies to make their organizations resilient in a landscape of cybersecurity threats.
A webinar with Eric Rosenbach
Eric Rosenbach is the Director of the Defending Digital Democracy Project, and Co-Director of the Belfer Center for Science and International Affairs at Harvard Kennedy School. He has previously served as the Chief of Staff to US Secretary of Defense Ash Carter and the Assistant Secretary of Defense. He held the position of Chief Security Officer for Tiscali, the largest pan-European internet service provider, and was a US Army Intelligence Officer before bringing his expertise to Harvard. He is also the course convener of the Cybersecurity: Managing Risk in the Information Age course from Harvard’s Office of the Vice Provost for Advances in Learning, in association with HarvardX.
Rosenbach recently hosted an interactive webinar for students to pose questions about the cybersecurity course. In this 22-minute webinar, Rosenbach provides an overview of the course content through the frame of risk management. He demonstrates the benefits of the course for managers and professionals, regardless of technical background, while addressing queries around how the course complements concerns in General Data Protection Regulation (GDPR) and emerging technology.
Harvard VPAL’s course on cybersecurity
The Cybersecurity: Managing Risk in the Information Age online short course from Harvard’s Office of the Vice Provost for Advances in Learning (VPAL), in association with HarvardX, is designed to equip business professionals with the knowledge and skills to develop a culture of cyber resilience in any organization.
Delivered in collaboration with GetSmarter, this 8-week course provides students with a comprehensive understanding of the organizational, reputational, and litigation risks faced by businesses in a landscape of growing cyber threats. Framed through the lens of cyber risk management and resilience, the content focuses on equipping managers and business professionals with holistic risk mitigation techniques.
The need for a holistic cyber risk management strategy should be a top priority for every business professional. If you’re ready to make your organization cyber resilient, register now for the next presentation of the Harvard VPAL Cybersecurity: Managing Risk in the Information Age online short course.
Webinar transcript
QUESTION 1: How does the GDPR impact the world of cybersecurity and privacy?
We actually have a pretty significant section devoted to GDPR and some of the measures required by GDPR, and help all the students think through how that may impact your firm. One of the things we try to do in the class is allow you to personalize a lot of the learning to your specific situation. So, for example, you’ll develop a cyber risk mitigation strategy for your organization if you choose, and GDPR may be one of those things that you consider. I think in general a lot of the provisions in GDPR are things we address in the class. And through this holistic risk mitigation strategy that we talked about, you would be able to meet most of the requirements outlined in GDPR if you were able to follow through on this.
QUESTION 2: How do emergent technologies like AI and Internet of Things and fintech influence cyber risk, and how can companies use these technologies to better prepare for attacks?
I think that’s a pretty interesting question, and maybe talking about artificial intelligence, AI in particular, is something that’s interesting. At the end of the class we talk about a lot of these new technologies. But from my perspective, you’ll see a lot of speculation right now that AI would be used for combat or to target individuals with unmanned aerial vehicles or drones. But my perspective is that all of that is probably a long way off, and during the time I was in the Department of Defence, working with Secretary Carter, you know, 20 hours a day, he actually signed out a directive that made it impossible for anyone in the US Military to order a strike that was not approved by a human, so that AI would not be making serious decisions like that. Now in the realm of cybersecurity, I think AI can do more to help defense than offense.
And this is one of those things where you hear a lot of new things about, but has been around for at least a decade where you would use anomaly detection and heuristic type tools based on available data to detect bad guys in your network.
I think that’s improved a lot over the last several years, and a lot of the higher end cybersecurity software hardware packages you will see will rely on some type of AI to detect anomalous behavior and bad guys in your network.
Now, that said, I can also see how some nation states would try to use advanced AI to do offensive type things but there hasn’t been a lot of that, yet. And so, you know, that’s one of those things where then the class will talk about the future.
QUESTION 3: How do you balance cyber risk and business process efficiency?
When you think about the Department of Defence, you may not think of technology or, you know, an information technology intensive organization. But the department is the biggest enterprise network in the world, spends, believe it or not, almost 40 billion dollars on IT – at the same time, places a really high, strong emphasis on cybersecurity.
So this is a good example of that balance amount I was talking about. You don’t want any network to be so secure and so risk avoidant that you can’t actually operate. So back in the cases that I used to work on, you wouldn’t want to be so secure that we couldn’t conduct operations literally based on the network when you about aircraft, even advanced munitions, and things like that.
In the private sector sense, it’s important to recognize you could literally probably spend all of the company’s revenues on cybersecurity and never completely eliminate risk. And so the point you want to get to is where both in terms of human resources and financial resources, you’ve invested enough, to the point that you feel comfortable with the risk you have. And what we want to do is help people identify that type of risk so that you know that, have internalised that, and you can say we need to operate, we need to be an effective business, we need to make money whatever the mission is, but we sufficiently mitigated risk that we’re still able to do that effectively and have protected ourselves.
So that balance, I think, is unique in a lot of different cases; some sectors are more prone to cyber attacks that could result in a major disruption than others. And that’s one of those things that you need to think about, and one of the things we talk about in the class.
QUESTION 4: Will an individual with a technical role who does not manage people or departments be able to benefit from this course?
This is a class mostly designed for people who don’t have a lot of background in cybersecurity.
So this is not, you know, for experts in cybersecurity. However, I can see that even a cybersecurity engineer would benefit a lot from this class. Because, although the beginning is technical to introduce, you know, how the internet works and key cybersecurity concepts from a technical perspective, the rest of the class really is about management, leadership, and thinking about risk from a human perspective.
And so I actually think this is a class that is well suited for engineers as well as people who haven’t been in the technical world or cybersecurity. For example, in one of the last iterations of the class, we had a pretty famous NBC TV host who took the class because he is trying to get more background on cybersecurity issues. At the same time, we’ve had people in banks who are technical folks who take the class because they’re trying to learn more about holistic risk management. So I think it can fit a variety of backgrounds.