Optimal Organizational Design of Enterprise Cybersecurity Centers

The concept of establishing a function to aggregate, analyze, and disseminate threat intelligence emerged in the aftermath of 9/11. Cyber Fusion Centers appeared across federal agencies, state and local governments, and most recently in private industry to meet the demands of this relatively new business support function. Morgan Stanley defines a Cyber Fusion Center as, “a center that encompasses orchestrating, prevention, detection, and response to cyber events through partnerships with key stakeholders across technology functions, business units, and peer institutions.”

In collaboration with Morgan Stanley, the SIPA Capstone team worked with 10 institutions in the private and public sectors to participate in a research survey. Participants were surveyed on their approach to people, processes, and technology with regards to their Cyber Fusion Center operations. Below are the resounding trends captured from participants:

People:  Participants have identified a need to develop career paths with flexible working options in order to better develop and retain talent.

Processes:  Processes can be improved by identifying key performance indicators that translate to non-technical audiences in leadership and other business functions in order to garner operational improvement inputs from a more diverse range of expertise.

Technology: Participants cited the necessity of augmenting their capabilities with specialized products and services from third parties with advanced expertise and/or technologies.