Operational Asset Constraints
There are different types and categories of constraints that can limit the usage of cyber operational assets. Here are few examples:
Mission goals and needs: All activities in a cyber operation should serve initially defined operation goals. Capabilities of the assist may go beyond the goals but should be limited to serve those goals.
Asset supporting resources required by the asset should be available to implement and maintain the asset.
Develop the right procedures, standards, and workflows.
The existence of the proper organizational structure, roles, and responsibilities which support implementation of the cyber operation.
Statutory, regulatory, contractual, and supply chain collaboration requirements.
Availability of suitable expertise and trusted partners.
Operating environments and stakeholders.
Operational Effectiveness Assessment
Operational effectiveness shows the extent to which a system is capable of accomplishing its intended missions when it is used in the environment planned or expected.
It can be defined as the ability “to safely and sustainably do what it is meant to do, when and where it is needed, with qualified and competent people and enabling support systems,” (Mead and Kersha 2016).
In security controls and operations, the implication of the need to continuously perform operational effectiveness assessment is that the existence of the right tools and assets by itself is not enough to ensure proper security control and management.
Proper processes should be planned to ensure the optimization of security resources to fit mission goals and needs.
One of the important meanings of “effectiveness” is related to relevance or fitness of the cyber operation to its initial goals. Without properly and initially defining operation goals, it will be hard to assess the operation effectiveness.
Transparency is also important to be able to describe in details what went wrong “weaknesses” and what went right “strengths” in each operation in order to learn and improve in future.
This includes capability assessments and gap analysis in the current operations to help plan for future ones.
Operational effectiveness assessment provides the roadmap to focus efforts on those problems that hinder growth and performance.
Many organizational management theories consider operational effectiveness to be a source of competitive advantage, particularly where operational effectiveness includes capabilities that enable an organization to rapidly adapt to changes in requirements or environmental factors.
Organizations often approach operational effectiveness through following governance frameworks such as COBIT or quality management approaches such as Six Sigma, Total Quality Management (TQM), ISO 9004, or ISO 15504.