Jack J. Domet is a management expert with more than twenty-five years’ experience in helping multinational corporations adapt to shifts in technology, globalization, and consumerism through organizational change.
Thomas J. Parenty is an international cybersecurity and privacy expert who, over the course of more than thirty-five years, has worked at the National Security Agency and advised other government agencies and corporations across the globe.
Across four decades, Archefact Group’s founders have advanced cybersecurity practices, policy and education through consequential actions.
1984 The Decision at NSA
1995 NIST’s Cybersecurity Beginnings
1997 Presidential Commission
1999 Encryption Export Controls
2001 NIST Oversight
2003 Trust Framework
2008 Cyber Regulations Deciphered
2012 Medical Information Protection
2019 Digital Stewardship
In collaboration with Harvard Business Review Press, Archefact Group’s founders have written two books to give boards, executive teams and managers practical advice and concrete direction to fulfill their cybersecurity responsibilities and protect their companies from cyberattack.
Archefact Group's Thomas Parenty speaks with ICS security consultant Dale Peterson about the Board of Directors’ responsibility in business risk management.
For Chief Executive, the Archefact founders write: "You can delegate cybersecurity, but if something goes wrong, all eyes will be on you, not your CTO."
In a recent HBR IdeaCast, Thomas Parenty and Jack Domet say that most organizations are approaching cybersecurity all wrong.
A discussion on why cybersecurity is a leadership topic and how corporate leaders can manage cyber risks, defend their company and lead in a cyber crisis.
Featured in the Nov/Dec issue of HBR Magazine, the Archefact founders advise: "Focus first on the threats to your key activities—not on the technology itself."
"Using copied software and other media has become embedded in China’s computing culture...the only way I see this changing things is if the central government decides there is a risk to critical infrastructure from this threat and force people to buy legitimate software. But I don’t see that happening right now.”
“But the problem is often a lack of understanding by senior managers not just of technology but of business processes… no one in the organisation bothers to look at the value of what data they hold, the consequences if something bad happens to it, and the appropriate mechanisms to prevent that from happening.”
How to support an "always on" business environment, yet defend assets from cyber attack via the Internet, is now a major concern. "If you have all your protection up-to-date it still doesn't allow you to answer questions such as are my customer financial records safe or are the designs for a new product protected from competitors."
“In order to effectively engage with your board, you need to establish the connections between business risks and consequences, the cyber attacks that can cause them, and the controls that can help mitigate them.”
“It is not possible to delegate cybersecurity to technical staff and still fulfill your responsibility to protect the interests of stakeholders and your duty of care.”
“The key to understanding your company’s cyber risks is where you start to look. Begin with business activities and their risks, not computers and their vulnerabilities.”