Understanding & Improving Cyber-security Capabilities in Critical Infrastructure: Cyber-security Models & Measurement
This presentation will discuss tools to help management evaluate and understand an organization’s cybersecurity posture and develop a prioritized roadmap for improvement. Tools discussed include the Cybersecurity Capability Maturity Models (C2M2) developed specifically for the energy sector and the Cyber Resilience Review (CRR) being applied across critical infrastructure sectors. These models, both derived from the CERT Resilience Management Model, help organizations evaluate, prioritize, and improve cybersecurity capabilities using a common set of industry-vetted cybersecurity practices, grouped into ten domains and arranged according to maturity level. The relationship to the NIST Cybersecurity Framework will also be discussed.