CASP/R A

Analyze industry trends and outline potential impact to the enterprise

Perform on-going research

Best practices

New technologies

New security systems and services

Technology evolution (e.g. RFCs, ISO)

Situational awareness

Latest client-side attacks

Threats

Counter zero day

Emergent issues

Research security implications of new business tools

Social media/networking

Integration within the business (e.g. advising on the placement of company material for the general public)

Global IA industry/community

Conventions

Attackers

Emerging threat sources

Research security requirements for contracts

Request for Proposal (RFP)

Request for Quote (RFQ)

Request for Information (RFI)

Agreements

Carry out relevant analysis for the purpose of securing the enterprise

Benchmark

Prototype and test multiple solutions

Cost benefit analysis (Return on Investment - ROI, Total Cost of Ownership - TCO)

Analyze and interpret trend data to anticipate cyber defense aids

Review effectiveness of existing security

Reverse engineer / deconstruct existing solutions

Analyze security solutions to ensure they meet business needs

Specify the performance

Latency

Scalability

Capability

Usability

Maintainability

Availability (MTTR- Mean Time To Recovery, MTBF- Mean-Time Between Failure)

Conduct a lessons-learned / after-action review

Use judgment to solve difficult problems that do not have a best solution

Conduct network traffic analysis