Case Studies »
 
 

Case Study: Providing Cyber Security in an Insecure World

Client: McAfee

The global information security company McAfee enlisted Good Harbor's support for their Initiative to Fight Cybercrime, a wide-ranging effort aimed at closing critical gaps in the fight against cybercrime. A multi-point plan anchors the initiative, including calls for action from law enforcement, academia, service providers, government, the security industry and society at large to deliver more effective investigations and prosecutions of cybercrime. The plan includes education and awareness building to ensure that officials around the world have the capacity to properly fight cybercrime, while helping users build "street smarts" so that they don't become easy victims; legal frameworks and law enforcement guidance to facilitate international collaboration and mutual assistance on cybercrime among governments, industry and nongovernmental organizations (NGOs); and an emphasis on innovation and cooperation with the technology industry to provide technology solutions that stay one step ahead of the threats.
Good Harbor tasks:
»»
Provide strategic advice to ensure maximal impact for McAfee's cybercrime initiative.
»»
Create and launch McAfee's online Cybercrime Response Unit (CRU), which helps customers and businesses believing they are victims of cybercrime assess the situation, offers advice on what evidence to gather for law enforcement to bring a case, and refers victims to the appropriate law enforcement agencies, credit agencies, support agencies and other organizations.
»»
Develop content and a questionnaire for the CRU.
»»
Develop a telecenter script to help McAfee operators effectively respond to cybercrime victims.
»»
Provide ongoing strategic counsel to McAfee and assist the operation in navigating the complex cybercrime landscape.
»»
Make key connections for the initiative with key stakeholders throughout the cybercrime landscape, including government officials and law enforcement experts, to assist with project planning.
 
 

Case Study: Writing Better, More Secure Code

Client: Software Assurance Forum for Excellence in Code (SAFECode)

Good Harbor assumed leadership and operational management of SAFECode, a non-profit organization dedicated to increasing trust in information and communications technology products. Good Harbor helped drive SAFECode's mission forward and advancing effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Currently, SAFECode's members include Adobe Systems Incorporated, EMC Corporation, Juniper Networks, Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. SAFECode's influence and visibility grew dramatically and steadily under Good Harborʼs leadership.
Good Harbor tasks:
»»
Provide leadership and operational management.
»»
Drive SAFECode's substantive work in the area of software assurance.
»»
Work with member organizations to develop and promote best practices for ensuring software security and integrity through the development of white papers, public relations and outreach to the relevant associations and government organizations.
»»
Drafted white papers on Software Assurance Best Practices and Secure Development Practices, the latter of which has been downloaded more than 75,000 times.
»»
Secure speaking opportunities and media attention for the organization.
»»
Developed promotional materials, website and a public relations campaign for the SAFECode launch in 2008.
»»
Facilitate stakeholder collaboration to reach a common goal of software assurance advancement.
»»
Established an International Board of Advisors to help promote SAFECode's agenda.
 
 

Case Study: Improving Corporate Crisis Communications and Continuity of Operations Planning

Client: International Leader in Enterprise Cloud Computing

The corporate management team of a leading enterprise cloud computing company wanted to improve the company's crisis communications and Continuity of Operations Planning (COOP), as well as obtain senior executive buy-in for these efforts.

Good Harbor developed and conducted tabletop exercises at the firm's U.S. headquarters and in one international office to identify gaps in existing continuity and security planning and leveraged key findings to develop training plans for the corporate management team.

Good Harbor tasks:
»»
Raise awareness and buy-in among executives for crisis communications and Continuity of Operations Planning issues
»»
Develop tailored and realistic tabletop exercise scenarios
»»
Conduct and facilitate tabletop exercises in U.S. headquarters and one international office
»»
Identify key “lessons learned” from tabletop exercises and leverage findings to make actionable recommendations for improvement
 
 

Case Study: Advising on crisis management and communications

Client: Defense Contractor

A major government contractor engaged Good Harbor to provide advisory services to its executive team to support crisis management preparedness in the areas of communications and decision-making. Good Harbor advised the companyʼs C-suite as they investigated a possible network breach, evaluated their disclosure obligations, and mapped their internal and external communications strategy.
Good Harbor tasks:
»»
Build understanding among executive team of disclosure obligations
»»
Make recommendations on crisis communications decision-making process
»»
Advise on communications strategies
»»
Review and edit draft communications materials
 
 

Case Study: Advancing awareness and dialogue on emerging cybersecurity issues

Client: Microsoft

Microsoft commissioned Good Harbor to research and write the report, Confronting Cyber Risk in Critical Infrastructure: The National and Economic Benefits of Security Development Processes. Good Harbor interviewed experts in critical infrastructure security, industrial control systems security, application security, cyber and national security policy, and code analysis to develop the report, which was featured at Microsoftʼs inaugural Security Development Lifecycle conference in Washington, D.C. in May, 2012.
Good Harbor tasks:
»»
Identify and interview subject matter experts
»»
Research, write, and produce report to advance thought on important, emerging cybersecurity issues
»»
Support distribution of the report via media, expert networks, and Microsoft's inaugural Security Development Lifecycle conference
 
 

Evaluating Risk and Developing a Strategy and Governance Framework to Manage It

Fortune 500 cable, voice, and Internet provider

A Fortune 500 cable, voice, and Internet provider retained Good Harbor to assess its cybersecurity risk profile and to evaluate its cyber incident response capabilities. Good Harbor delivered an executive-level threat awareness briefing, gained specific insight into current operations through 30 stakeholder interviews with managers across the company, and delivered a tailored, executive level tabletop exercise. Good Harbor synthesized key findings and presented them in an executive risk report, which gave the management team actionable recommendations to improve the companyʼs cyber crisis management capabilities. Good Harbor was later engaged to follow-up on its earlier assessment to evaluate progress and off further recommendations to support a strategy and governance framework to manage cyber risk.
Good Harbor tasks:
»»
Raise awareness within the executive team through an executive briefing and report
»»
Develop and facilitate a table-top exercise to evaluate and improve crisis management capabilities
»»
Conduct interviews and document review to develop recommendations for a strategy and governance framework to manage cyber risk
»»
Synthesize industry best practices to provide useful executive-level recommendations