Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Exploring phronesis in cyber security, management and resilience
Cyber Security: A Peer-Reviewed Journal,
6
(2),
154-167
(2022)
Abstract
The aim of this paper is to introduce phronesis and fractal knowledge to present a practical approach that can help a local public service to contextually understand the information assurance (IA) and cyber journey in a holistic way, by considering the various components that integrate information governance strategy, policy and assurance. It goes on to present a case study and ideas for further research. The fields of cyber security, information security and governance have a number of overlapping domains and spheres of interest. Within a local authority (LA), resources are sparce, with one person often having to oversee the entire security process, which is often regarded as an integral part of the information and communications technology (ICT) function.
Keywords: local authorities; phronesis; cyber security; information assurance; break glass policies; principles-led policy; cyber playbooks; cyber incident response; business continuity; knowledge systems; cyber resilience; emergency planning; business continuity management; fractal knowledge; practice-based research; reflective practice
The full article is available to subscribers to the journal.
Author's Biography
Mark Brett is a Chartered Manager and Chartered IT Professional. He is a CCP Lead SIRA, having an outstanding track record as a senior manager and consultant in local and central government. He is actively engaged in the Local Government Cyber Resilience Programme with the Ministry of Housing, Communites & Local Government (MHCLG). Mark worked for three years with the PSN Programme in GDS Lead IA Adviser and PSN SOC/Security Manager. As Lead Security Analyst in MOJ Digital, he developed an agile approach to information risk management and assurance, which he has implemented in MHCLG. Mark was CIO of London Connects. As a deputy director in the London Resilience Team, he designed and implemented a Pan-London Emergency Management Extranet and was instrumental in setting up the warning, advice and reporting point (WARP) programme for the Centre for the Protection of National Infrastructure (CPNI). While information assurance adviser to the Local Government Association, he authored the Local Public Services Data Handling guidelines. He continues to lead the local government information assurance (IA) work as a special adviser to the Local CIO Council and through the Local Government Cyber Security Stakeholder Group and the Local Government PSN Board. Mark is currently cyber technical adviser to MHCLG, working on the National Cyber Security Programme — Local. Mark’s work in the cyber and resilience world involves developing cyber resilience exercises and response capability training, which is being used within local resilience forums (LRFs) in England, and leading the Cyber Resilience Programme in Wales for the Welsh Government, working with the four Welsh LRFs. He has recently authored the emergency management exercise that is being run across the English LRFs. Mark is a Fellow of the Institute of Civil Protection and Emergency Management and a Member of the Emergency Planning Society. He is an honorary visiting Fellow in Cyber Security at De Montfort University and lectures at Warwick and London Metropolitan Universities. He completed a doctoral training programme at De Montfort University.
