Capability Maturity Model Cybersecurity

Definition:
The Capability Maturity Model for Cybersecurity (CMM Cybersecurity) is a measurement model that follows the Capability Maturity Model but applies specifically to cybersecurity. CMM Cybersecurity provides the framework to measure capability across the spectrum of cybersecurity.

This model serves a purpose similar to the measurement of computer systems using capability maturity modeling (CMM) and to Capability Maturity Model Integration, which guides the process of development and integration, but it focuses specifically on cybersecurity.


Background
Evolution to be inclusive
:In the information technology (IT) industry, the evolution of the Capability Maturity Model (CMM) began with capability modeling for software development. Its security component was limited to the security elements included in the development of software applications.
:With the advent of many cybersecurity solutions providers, including those that built cybersecurity solutions into their products, like CISCO, and others that were solely cybersecurity solutions providers, the model became outdated because it failed to include these elements. In the energy industry, a cybersecurity capability maturity model named C2M2 was developed. It has been progressive in addressing measurement specific to SCADA compliance, but it did not include all elements or areas of cybersecurity.
Measurement
:This modeling addresses cybersecurity capability and encompasses all vendors providing cybersecurity solutions. It thereby provides a model that is useful at an executive level for measuring and managing not only the enterprise itself but also those it does business with and allows access to its systems.
Measurement
Measurement results in identifying security risks, addressing them, and devising a plan to manage and improve going forward.

::GRADE A. <big>Self optimizing</big>
:::At the optimizing level, processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. At the self optimizing level, the organization has processes in place that, in addition to being managed, are replicated and taught, so that capability keeps maturing as the organization changes, people come and go, and the processes change.
::GRADE B. <big>Managed</big>
:::At the managed level, an organization monitors and controls its own processes through data collection and analysis.
::GRADE C. <big>Defined and Measured</big>
:::At the defined and measured level, an organization has developed its own standard process through greater attention to documentation, standardization, and integration.
::GRADE D. <big>Repeatable</big>
:::At the repeatable level, basic project management techniques are established, and successes could be repeated, because the requisite processes would have been established, defined, and documented.
::GRADE E. <big>Initial</big>
:::At the initial level, processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated.
Data Collection
In order to apply data to the Capability Maturity Model (CMM), two steps are performed to collect data:
: 1. a survey of questions directed to the responsible person in the organization is performed, and
: 2. where applicable, data inputs are taken from various cybersecurity solutions providers and applied dynamically to the CMM.
The questions and data inputs are derived and provided by the cybersecurity solutions provider.
For each question, capability is rated on the CMM levels for:
: 1. 'As is' (where you are now), and
: 2. 'To be' (where you need to be).
As part of the CMM, data is applied and analysed.
The choice of levels, 'where you are at today' and 'where you need to be', establishes the 'gaps', which enable us to identify and focus on maturing your capability.
Hence this is called Capability Maturity Modeling.
The CMM records data through its maturity, assists in drill-downs to easily identify deficits, and retains and reports the CMM data.
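
The gap calculation and drill-down described above can be sketched as follows. This is an added example, not code from the model or any provider: the area names, questions and sample grades are constructed. It also makes two assumptions: that a provider data input replaces the surveyed 'as is' grade for the same question, and that a 'to be' grade below the 'as is' grade counts as a gap of zero.

```python
from collections import defaultdict

# Grades from the page, lowest to highest maturity (E = Initial, A = Self optimizing).
GRADES = {"E": 1, "D": 2, "C": 3, "B": 4, "A": 5}

def gap_report(survey, tool_inputs=None):
    """Return areas ranked by total gap, each with a per-question drill-down.

    survey: list of dicts with keys area, question, as_is, to_be (grades A-E).
    tool_inputs: optional {question: grade}. Assumption: a provider-reported
    grade replaces the surveyed 'as is' grade for that question.
    """
    tool_inputs = tool_inputs or {}
    areas = defaultdict(list)
    for row in survey:
        as_is = tool_inputs.get(row["question"], row["as_is"])
        to_be = row["to_be"]
        if as_is not in GRADES or to_be not in GRADES:
            raise ValueError(f"unknown grade for question {row['question']!r}")
        # Assumption: a target below the current grade is not a deficit.
        gap = max(GRADES[to_be] - GRADES[as_is], 0)
        areas[row["area"]].append(
            {"question": row["question"], "as_is": as_is, "to_be": to_be, "gap": gap})
    report = []
    for area, items in areas.items():
        # Largest deficits first, so the drill-down starts at the worst question.
        items.sort(key=lambda i: (-i["gap"], i["question"]))
        report.append({"area": area,
                       "total_gap": sum(i["gap"] for i in items),
                       "questions": items})
    report.sort(key=lambda a: (-a["total_gap"], a["area"]))
    return report

# Constructed sample survey answers and one constructed provider input.
SAMPLE_SURVEY = [
    {"area": "Identity", "question": "MFA enforced for admins", "as_is": "D", "to_be": "B"},
    {"area": "Identity", "question": "Access reviews performed", "as_is": "C", "to_be": "B"},
    {"area": "Monitoring", "question": "Logs centrally collected", "as_is": "E", "to_be": "B"},
    {"area": "Monitoring", "question": "Alerts triaged", "as_is": "B", "to_be": "C"},
]
SAMPLE_TOOL_INPUTS = {"Logs centrally collected": "C"}

if __name__ == "__main__":
    for area in gap_report(SAMPLE_SURVEY, SAMPLE_TOOL_INPUTS):
        print(f"{area['area']}: total gap {area['total_gap']}")
        for q in area["questions"]:
            print(f"  {q['question']}: {q['as_is']} -> {q['to_be']} (gap {q['gap']})")
```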
 