Posted by Sedar LaBarre and Marcia McGowan on February 11, 2014
For Booz Allen, February is a busy, exciting time of year because the firm sends many of its cyber and commercial staff members to participate in the annual RSA Conference as speakers or attendees. However, this February also marks the deadline for the NIST Cybersecurity Framework (CSF), which is one outcome of President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity. We expect the NIST CSF to generate many conversations during RSA, as CISOs at public companies and government agencies continue to think about how it applies to their organizations.
The discussion around how to create the CSF has been fascinating, and Booz Allen has joined the conversation because, as part of the defense and consulting industry, our firm also must consider how to use the CSF. NIST has used a very open and transparent process that not only built upon existing cyber security and critical infrastructure protection standards and initiatives, but also brought in new, creative ideas for improving cyber security. The CSF is a good start at providing all organizations with information on practices that should improve overall cyber hygiene.
As we think about the RSA Conference, we expect that many attendees will be wondering about what we like to call “CSF 2.0.” Certainly, more can be done to help organizations build a roadmap from the CSF to their cybersecurity goals and determine if their practices are effective. The CSF’s usefulness greatly depends on each organization’s operating environment, risk profile and resources, and organizations will derive different benefits from the CSF, such as using it as a guide to develop an inaugural cybersecurity program, identifying potential areas for improvement in existing cyber risk management plans or integrating the CSF taxonomy to better communicate with vendors and third parties.
We will see some industries move quickly to use the CSF while others will be more deliberate in their pace as they consider the return on investment and its cost-effectiveness. Some organizations with a long history of investing in cybersecurity are expected to be early adopters, while others that are only now committing resources to mitigate cyber risks may be slower to use the CSF. Most industries are looking for more evidence that incentives for using the CSF will exist, and we are only now starting to see them appear. For example, some cyber insurance providers are requiring proof that organizations have certain programs and capabilities in place before offering coverage.
While “CSF 2.0” is likely to be quite different from the initial publication, what is clear is that use of the CSF should not become a check-the-box exercise. We can’t afford another set of standards that push us towards that. Security must go beyond compliance and certification, and the CSF is one of many resources that organizations should use to achieve their goal of improving cybersecurity and managing cyber risk as a part of overall business risk. Booz Allen expects more dialogue – throughout all of the RSA Conference – on how the cybersecurity community can bridge the gap between fast-changing technology and risk management so organizations of any type or size in industry and government are prepared for the ongoing waves of cyber attacks.