CyberM3 Business Enablement: Booz Allen Hamilton’s Cybersecurity Reference Model empowers your business with comprehensive information security.

1. CyberM3
Business Enablement:
Cybersecurity That Empowers
Your Business with Comprehensive
Information Security

2. The Challenge Is Constant: Complex Operations Are Ripe for Cyber Attack
Sophisticated, complex technology drives today’s business success. However, as beneficial as technology in to supporting
increased productivity and broader operational capabilities, constant innovations and updates make information technology (IT)
systems and information increasingly vulnerable to internal and external attacks.
According to research, it is not uncommon for large organizations to be cyber attacked more than 1,000 times a day. Most often,
these attacks are covert, going undetected and unreported for an average of 9 months per event. These advanced persistent
threats are designed to probe, phish, dodge, and deceive. They seek any opportunity to exploit weaknesses and circumvent
barriers to steal or compromise closely held information, disrupt operations, and damage marketplace reputations and stock values.
Unfortunately, in many C-suites, company leaders (among them, a surprising number of CISOs, CROs, and others directly
responsible for enterprise information security) simply are unaware of the frequency, likelihood, and business impact of these
cyber attacks. In addition, leaders often believe their organizations are extremely well-prepared and protected by the latest
security hardware and software. In their view, hacking and other cyber attacks are unfortunate events that only happen to others
who are less well prepared.
In fact, what often seems to be reliable information security readiness is actually inadequate to meet the many threats across
a company’s extended ecosystem attack surface. For proof, look no further than the frequent media reports about respected
healthcare, financial services, energy, manufacturing, and other prominent companies that have had their operations compromised
and their reputations smeared, despite every effort. The painful truth is that many companies are unknowingly attacked every day
and most of those attacks are undocumented. If your company has not yet been cyber assaulted, it likely will be.
LIFE CYCLE
CONTROLS
SECURE
ENTERPRISE
BUSINESS
OPERATIONS
MAINTAIN
EXECUT
E
IDENTITY
BUILD
PLA
N
TECHNOLOGY
PROCESS
PEOPLE
Booz Allen’s CyberM3
delivers holistic information security solutions across your enterprise’s people, process, and technology.
CyberM3
Core Principles

3. The Solution: CyberM³—A Comprehensive Approach to Information Security
Across Your Business Ecosystem
To meet today’s business information-related security challenges and threats head-on, businesses must maintain elevated risk
awareness and risk preparedness, and have comprehensive, reliable risk responses in place. These include:
• A clear and risk-based vision of the spectrum of cyber challenges faced
• Strategy and controls for addressing all near- and long-term issues head-on
• The right knowledge and tools to implement new approaches and procedures
• Clear messaging through which to explain and deliver those approaches and procedures to stakeholders (internal and
across your extended supply chain ecosystem)
• The necessary business processes that everyone in the organization understands, accepts, and continues to support
CyberM³ is an all-encompassing, experience-driven, strategic solutions suite for pursuing and achieving enterprise business
information security preparedness. Booz Allen’s CyberM³ solutions:
• Thoroughly assess the extended business environment to detect and identify critical weaknesses, existing and potential
• Deploy the combined and complementary skill sets and expertise of Booz Allen cyber professionals who collaborate with
in-house cyber teams to create customized roadmaps for integrated remediation, and then help them layer on and maintain
sophisticated protections specifically customized to the information privacy, safety, and security needs of the business
The Result: The CyberM³ Solutions Suite—Delivering
Flexible Responses for Business Security Needs
CyberM³ delivers on the needs of your business, no matter the challenge. The full spectrum of solutions includes diagnostic
and risk assessments, strategy and roadmap setting, capability solution design, and operational implementation of
capabilities. Based on a company’s information security challenges and needs, Booz Allen provides CyberM³ solutions on
a “one, some, or all” basis, across the following layers:
• Diagnostics and Strategy: This is a launch stage activity, wherein Booz Allen partners with your information security
and business unit teams to:
o Gauge the maturity of the process, technology, and people capabilities of the information security program
o Examine and understand the totality of cyber risk faced by the extended enterprise
o Detail the actionable and prioritized steps for evolving the program to effectively treat risk
o If applicable, define the strategy for driving change throughout the business enterprise and unifying
security efforts under a common yet flexible approach
• Capability Design: In this scenario, Booz Allen’s seasoned cyber experts work with your team to design detailed
“blueprints” or architectures for achieving targets set forth for managing risk, rooting out existing malware incursions,
identifying the people skills and process changes needed to support business operations, and detailing appropriate
technology decisions.
Note that Booz Allen is technology agnostic; that is, we are not “locked in” by partnering agreements that require us to
recommend specific technology providers. We are free to evaluate and propose use of any technology resource, attribute,
or service that we feel is most appropriate to help ensure the security of your systems, information, and processes.
• Implementation: Operationalizing effective capability designs is truly where the “rubber meets the road.” Booz Allen’s
unparalleled diversity of experience and expertise with implementing cyber solutions in many of the world’s most
sensitive commercial and government environments allows us to quickly engineer controls to manage risk to the
business. It also enables us to provide such progressive services as hunting advanced persistent threats on internal
networks or providing pinpointed strategic and tactical cyber threat intelligence to proactively guide day-to-day, security
posturing on behalf of the business.
• Booz Allen Is Your Proactive, Information Security Partner: When engaged, Booz Allen rapidly deploys a skilled
team to work with you across the strategic analysis and entire implementation effort or only on more vertical facets of it,
as required. Either way, our information security experts are committed to working with every member of your internal IT
team and staff to ensure the smoothest possible delivery of all requirements.

4. CyberM3
Empowers Business by Measuring, Managing,
and Maturing Information Security in Your Operations
Truly effective information security requires more than just protecting critical information and
assets; it includes enabling businesses to take full advantage of the opportunity offered by the
cyber ecosystem.
Booz Allen’s many decades of global experience include documented successes in diagnosing
and devising responses to persistent cyber threats in large business and government enterprises.
Our role is to help our clients recognize and understand the broad spectrum of cyber threats and
vulnerabilities within the enterprise, ascertain the risk exposures at hand, and employ our diverse
strategy and technology consulting expertise to define, design, and implement an actionable path
for improvement.
First and foremost, Booz Allen is a knowledge and process-driven consulting company:
• We follow proven milestone steps to generate detailed and comprehensive diagnostics that find
and identify evidence of attacks and actual intrusions
• We develop meticulous, strategic guidance for addressing and remediating problems associated
with those attacks
• We help to facilitate the smooth integration of our client company’s business processes and
people with changes to cyber operations and controls to ensure comprehensive solutions to
security challenges
• We are committed to collaborative working relationships with our clients’ internal teams
To learn more about what we do, how we do it, and how well we do it in the information security
environment, including threat assessment; threat intelligence; combat of advanced persistent threats;
strategic assessment of cyber capabilities and requirements; the essential and evolving role of the
CISO; assessing the skills of internal security teams; and provision of analytically rich benchmarking,
please refer to the vertically-themed “challenge sheets” accompanying this brochure.

5. www.boozallen.com
Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a
century.Today,thefirmprovidesservicesprimarilytotheUSgovernmentindefense,intelligence,
and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz
Allen offers clients deep functional knowledge spanning strategy and organization, engineering
and operations, technology, and analytics—which it combines with specialized expertise in
clients’ mission and domain areas to help solve their toughest problems.
Booz Allen is headquartered in McLean, Virginia, employs approximately 25,000 people, and
had revenue of $5.86 billion for the 12 months ended March 31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
02.079.13

6. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
Threat Intelligence
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
Cyber attacks against companies around the world are evolving faster than corporate defenses,
resulting in an ever-increasing frequency of attacks and the probability of their success over time.
“Advanced Threats” increasingly target corporations and governments in order to conduct industrial
espionage, undermine business and financial operations, and/or sabotage infrastructure. The vast
majority of organizations wait until an attack occurs and then react to it, focusing on damage assessment
and remediation. Some companies, however, are building threat intelligence programs to help them
shift from a reactive security posture toward an anticipatory intelligence perspective. This enables
them to get ahead of the attack, assess the risk, and take appropriate defensive actions, before an
attack actually occurs.
The Response: Threat Intelligence
Booz Allen’s proprietary Threat Intelligence Services provide a maturity assessment of your enterprise’s
threat intelligence capability through the lens of people, process and technology. As part of these
services, we identify the current state of your network security, define your desired end-state, and
develop a roadmap which includes a balanced set of detailed recommendations for how to achieve
the desired maturity level. The diagnostic is a process-driven, collaborative effort between our team
and yours to ensure a meticulous audit of your program. Our CyberM3
Reference Model is the foundation
for our methodologies, technologies, and client needs, ensuring your program is being benchmarked
against the best of breed solutions.
The Result
Empowered by Booz Allen’s decades of documented, global success helping governments and businesses
detect, analyze, and surmount a broad spectrum of cybersecurity challenges, the Threat Intelligence
Services will identify program gaps and weaknesses, while providing actionable recommendations
to help your organization achieve its cybersecurity goals. When problems are found or anticipated,
Booz Allen is your partner in defense, providing complete solutions that consider risks to – and deliver
effective support for – the people, processes and technology that fuel your successful operations.
Booz Allen’s Threat Intelligence Services will help you see beyond the cybersecurity horizon to stay
ahead of advanced cyber threats. Whether you are managing today’s issues or looking beyond the
horizon, count on us to help you be ready for the cyber challenges you face.
For more information, contact
Tony Urbanovich
Principal
Urbanovich_Tony@bah.com
813-281-4911

7. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
Cyber Skills Assessments
& Organizational Analysis
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
Large companies are powered by complex, rapidly evolving technology. Granting its sophistication
and pivotal role in driving business success, information technology is still relatively young. As a
result, C-Suite and other business decision makers and influencers often mistakenly view cybersecurity
as a technology-only challenge. Not so. Addressing the broad, cyber threat environment requires
much more than being protected by even the newest hardware and software.
Along with deploying leading-edge, technology solutions, it behooves every company to maintain,
evaluate, and enhance the cyber skill-sets of its security team, including CIROs and CISOs and all
other personnel charged with information security. Booz Allen Hamilton knows that, as companies
grow, persons elevated to senior security positions – including CISOs and CIROs – may come from
technology-, operations- or finance-oriented backgrounds that often do not promote enterprise wide
perspectives on holistic information security or the complete skills to implement and manage
it successfully.
Senior security personnel who fail to acquire, maintain, and continually update broad, security
management skills risk leaving their companies’ networks vulnerable to cyber threats from inside
and out, regardless of the sophisticated technology purchases they may make to thwart them.
The Solution: CyberM3
’s Skills Assessments & Organizational Analyses
Booz Allen’s CyberM3
offering includes managerial assessment and organizational analysis assets
that help companies accurately and completely measure and understand how well prepared their
people and their company are to protect closely-held information. Booz Allen employs these tools
to comprehensively audit the full range of a company’s human capabilities and training for ensuring
optimal information security and to zero in on what the company still needs to deliver on the C-Suite’s
vision for seamless, enterprise-wide security.
For more information, contact
Sudhir Anantharaman
Senior Associate
Anantharaman_Sudhir@bah.com
703-377-1782

8. These tools include:
• CISO Skills Assessment. Through self-reported levels of education, certifications, and answers
to a series of scenario-based and other questions that measure soft skills (management,
communication, engagement, etc.) and technological know-how, the Booz Allen Skills Assessment
creates a detailed snapshot of the CISO’s (or CIRO’s) knowledge, vision, and abilities. Having
discovered and evaluated knowledge, skills, strengths, and weaknesses, CyberM3
enables
Booz Allen to map a program of continuing education, ensuring that the CISO/CIRO or other key
individual is positioned to more knowledgeably support and promote secure business operations.
• Organizational Analysis. Our approach yields a thorough view of what our client still must do to
deliver on the C-Suite’s expectations for company-wide information security. For example, as a
company grows and expands, some functions that once were handled by internal personnel may
be outsourced or automated. Booz Allen (1) analyzes those that are strategic and mission-centric
to ensure their systems are secure and, if not, how to make them so, and (2) provides the
documentation required to demonstrate the necessity of expenditures that will assure cybersecurity.
The Result
The CyberM3
Skills Assessments & Organizational Analysis delivers accurate and comprehensive
evaluations of individual and organizational readiness to meet the constantly shifting challenges
of information security. When remediation of any type is required, Booz Allen provides the detailed
roadmap and documented rationales for pursuing those solutions on an immediate basis. This helps
enterprises to efficiently, effectively, and successfully confront and manage security challenges
across the entire system, thereby minimizing threats and measurably reducing the attack surface.

9. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
Strategic Opportunity Assessment
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
Big business is driven by complex, rapidly evolving technology. On a parallel path, an ever-changing,
cyber threat environment is driven by myriad, internal and external actors bent on mayhem – disrupting
operations, stealing closely held information, and damaging corporate reputations and stock prices.
Therefore, it is strategically essential for business leaders to be able to comprehensively diagnose
and assess just how strong and reliable even the latest system security updates are against these
“barbarians at the gates.” It also is critical to know where and how to shore up any weak defenses
across the enterprise.
The Solution: CyberM3
’s Strategic Opportunity Assessment
Information security threats are as diverse as those perpetrating them. With Booz Allen Hamilton’s
CyberM3
locating, identifying, and successfully addressing them is a process-driven, collaborative
effort between our team and yours to ensure a meticulous audit of your system. Booz Allen’s Strategic
Opportunity Assessment process:
• Starts by deploying Booz Allen’s cyber experts, working with you on an in-depth survey of the
business functions most central to your operations and the systems in place to protect them.
• Comprehensively evaluates the maturity of your information security program across the company’s
people, processes, and technology.
• Employs CyberM3
’s risk analysis capabilities to identify and prioritize the risk-justified roadmap
to evolve the program and address key, high opportunity threat areas, while also providing you
with all supporting details and required, forward actions (solution, design, and implementation).
The Result
The CyberM3
Strategic Opportunity Assessment delivers a state-of-the-art, information security
diagnostic that pinpoints problems in your enterprise and details an optimized roadmap, helping
your company address near- and long-term risk management challenges across all operations,
thereby minimizing threats and reducing your attack surface.
For more information, contact
Sudhir Anantharaman
Senior Associate
Anantharaman_Sudhir@bah.com
703-377-1782
Matthew Doan
Lead Associate
Doan_Matthew@bah.com
703-377-8950

10. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
The Rise of the CISO
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
As large financial institutions and other complex enterprises increasingly rely on cloud-based transactions
in the cyber age, new insights and comprehensive security strategies are required to sustain a
growth environment. One result is that these exigencies are transforming the C-Suite’s composition
and focus, as the CISO evolves as a core player in business growth enablement. Today, the CISO’s
influential, proactive role drives an enterprise-wide focus on the need for up-to-date security programs
and how such programs are deployed and sustained across all operations.
Now having the C-Suite’s full attention, the CISO’s constant challenge is understanding and articulating
the broad spectrum of the company’s threat environment and attack surface and finding the best
solution resources, enabling the business to (1) efficiently and effectively identify and negate present
threats, (2) accurately forecast and plan to thwart future threats, and (3) justify the required spending.
The CISO’s Solution: Booz Allen Hamilton’s CyberM3
Think of the CISO and his or her support team as the “spear point” for successfully managing the
company’s risk exposure and combating the operational damage and costs from present and future
attacks. And the spear itself? Booz Allen’s proprietary CyberM3
framework, delivering the fact-based
assessments and measurements of organizational maturity and benchmarking that empower CISOs
to holistically identify, confront, and address critical cyber challenges.
The Result
With broad consideration for an enterprise’s people, processes and technology, CyberM3
’s sophisticated
benchmarking, analysis, and strategy development capabilities are the CISO’s precision tools for securing
sophisticated cyber ecosystems and justifying constant, complete cyber vigilance across all operations.
For more information, contact
Todd Inskeep
Senior Associate
Inskeep_Todd@bah.com
843-529-4800

11. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
Financial Industry, Shared
Practices Benchmarking
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
The backbone of America’s financial services industry is the sophisticated, multifaceted technology
that powers 24/7/365 operations. That technology rapidly changes and morphs to keep pace with the
industry’s demands. Unfortunately, so do the skills and capabilities of countless, internal and external
actors aiming to upend financial institutions’ operations, compromise closely held information, and
beat up on corporate stock values and reputations.
Financial institutions must remain keenly alert to the ever-changing dynamics of the cyber threat
environment, and should be armed with current benchmarked information on industry cybersecurity
best practices. Previously that information was not available, as competitive peers preferred to privatize
information regarding what they know and successfully do. The problem? If regularly updated information
is not shared for the benefit of all, the entire industry’s fiscal integrity and reputation can suffer,
as constant cyber attacks continue striking at peers’ operations and the industry’s overall reputation
for maintaining and protecting personal information.
The Solution: Booz Allen Hamilton’s CyberM3
Shared Practices,
Benchmarking Study
Booz Allen approached America’s leading financial institutions with a proposal to develop a
non-attributional, financial services benchmarking study, recognizing the critical contribution
updated benchmarking would make to overall industry information security effectiveness and
understanding that effective cybersecurity investment must be focused and optimal. A globally
recognized leader in financial services cybersecurity, Booz Allen’s goal was to gather a critical
mass of cybersecurity practices data.
Through the study, Booz Allen intended to derive broad perspectives and discover insights into
state-of-the-industry strategies and tactics. With such information, financial institutions would
have dramatically better measures of their own practices against their peers, insights into how
well those practices work across the industry and expose to other practices that could significantly
improve their abilities to withstand cyber assaults and enable smarter, more efficient and effective
security decision making.
For more information, contact
Tony Orefice
Principal
Orefice_Anthony@bah.com
917-305-8031
Sudhir Anantharaman
Senior Associate
Anantharaman_Sudhir@bah.com
703-377-1782

12. Six of the nation’s top 10 financial institutions agreed to participate on a non-attributional basis in the
study. Booz Allen agreed to undertake and deliver the study at no charge, as a service to the industry.
The Result
The study proved so substantive and helpful that one financial institution’s senior representative
called it, “the most productive study of its kind the industry had every conducted.” Benefits derived
from the study include:
• Peer comparisons of best practices across all control families and peer sets
• Peer maturity assessments
• Assessments of the value and impact on expenditures for cybersecurity, tracking the maturity
of security capabilities against annual expenditures
• Detailed information on best practices the participating financial institution employs to protect
information, what it spends to do so, and the net results
• Identification of critical trends, cybersecurity tools typically utilized, organizational structures
that support information security across the organization, and the costs related to doing so
This first study was so well received by participants that Booz Allen will now produce a quarterly control
set. Perhaps best of all, peers who previously refrained from sharing details of their most intimate
cybersecurity strategies, tactics, and spending now see the tremendous benefits of doing so on a
non-attributional basis through a trusted, expert, dispassionate third party provider: Booz Allen.

13. www.boozallen.com
Booz Allen Hamilton has been at
the forefront of strategy and
technology consulting for nearly
a century. Today, the firm provides
services primarily to the US
government in defense, intelligence,
and civil markets, and to major
corporations, institutions, and
not-for-profit organizations.
Booz Allen offers clients deep
functional knowledge spanning
strategy and organization,
engineering and operations,
technology, and analytics—
which it combines with specialized
expertise in clients’ mission and
domain areas to help solve their
toughest problems.
Booz Allen is headquartered
in McLean, Virginia, employs
approximately 25,000 people,
and had revenue of $5.86 billion
for the 12 months ended March
31, 2012. To learn more, visit
www.boozallen.com. (NYSE: BAH)
About Booz Allen Hamilton
CyberM3 Close-up:
Advanced Persistent Threats (APT)
and Automated First Responder
Booz Allen Hamilton’s CyberM3
delivers proprietary, integrated solutions that address cyber-driven, business
challenges and opportunities. The CyberM3
Solutions Suite spans the full-spectrum of Booz Allen’s aggregated
cyber expertise, perspectives, and capabilities, enabling us to cost-effectively command the bridge between
strategic consulting and measurable, operational implementation and transformation. The bottom line?
CyberM3
enables your enterprise to Measure, Manage, and Mature your cybersecurity posture as you sort
out high-order, information security concerns for business operations.
The Business Challenge
Modern enterprise leans heavily on complex, rapidly evolving technology. On a parallel track, criminal
intent and espionage drive Advanced Persistent Threats (APT), causing untold damage to supply
chains, essential business operations, closely held information, financials, and corporate reputations.
It is critical that businesses across all industries meticulously and constantly evaluate their respective
security cultures, assess potential threat environments, and take corrective actions to combat malware
and secure their networks.
The Solution: Automated First Responder
Automated First Responder (AFR) is Booz Allen’s proprietary, integrated suite of tools, delivering the
most thorough data collection and abilities to detect and characterize advanced malware and empower
a comprehensive understanding of relevant threat environments. A critical component of Booz Allen’s
broader, dynamic approach to intelligence-driven security, AFR is a process-driven solution that helps
our clients locate, analyze, and proactively combat myriad cyber threats across the enterprise. AFR
is fuelled by Booz Allen’s unique, aggregate expertise in cybersecurity to find, analyze, and solve
problems other solutions simply can’t discover.
Threats to information security come in many guises, from head-on to assaults to those so subtle
they can invade a network unnoticed and then move laterally into other areas to broaden their access.
Unexpected and undetected, they do extensive damage for years, before being noticed.
To combat malware invasions with AFR, Booz Allen:
• Runs a series of comprehensive “data grabs” in a network. Proprietary analytics enable Booz Allen’s
expert security analysts to spot any anomalies (e.g., unfamiliar services, services running in the
temp directory, looking for svchost.exe running in any other but system 32 directory or for any
hijacked services)
• Captures snapshots in time of activities on Windows machines
• Utilizes statistical analyses to identify malware
For more information, contact
Rick Stotts
Principal
Stotts_Richard@bah.com
210-244-4265
Eric White
Principal
White_Eric@bah.com
703-984-0779
Jeff Lunglhofer
Principal
Lunglhofer_Jeff@bah.com
703-984-1863

14. • Empowers informed decisions to investigate further, and launch remediation to clean the code or
to initiate counter-measures
• Enables Booz Allen’s cyber experts to see “beyond the horizon,” where potential system weaknesses
require strategic, forward planning to ensure complete security
The Result
Deploying and effectively utilizing AFR allows Booz Allen to look across the entire enterprise at policies,
people, and processes to understand a business’s unique threat surfaces; points of weakness;
perspectives on risk tolerance and externally provided risk mitigation, and near- and long-term solutions
to thwarting attacks, keeping information safe, and protecting the overall integrity of business activities.