As with quality, you cannot test Cybersecurity into a system – you must design it in
Don’t let your People and Processes introduce cyber risks to your operations. Implementing effective cybersecurity requires comprehensive end-to-end human factors and business processes evaluation, re-design and evolution. As with quality, you cannot test Cybersecurity into a system – you must design it in.
Implementing and evaluating effective cybersecurity requires much more than just installing malware scanning applications and executing penetration testing. You are trying to protect operational technology (OT) industrial control systems (ICS), not email.
In fact, relying on detection methods like malware scanning and penetration testing is the least effective way to implement and evaluate effective ICS cybersecurity.
Basing your cybersecurity on detection gives you a false sense of security. When a threat gets through, by the time you detect it, it is too late – the damage is done.
The most effective cybersecurity programs focus on preventing malware from gaining access to your systems. If a threat does get into your system, response and recovery capabilities that mitigate the damage are critical to ICS survival. Prevention, response, and recovery are achieved through comprehensive organizational and operational behavioral policies and procedures.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework and US Dept. of Energy cybersecurity maturity models are at the foundation of Athens Group Cybersecurity services. These guidelines provide highly effective and widely accepted models for designing, implementing, and evaluating cyber threat vulnerability.
Our services go beyond determining if 1) a specific asset is protected 2) at a specific moment 3) from a known threat. Our focus is determining if your people and processes are capable of continually managing and improving cybersecurity in a manner that continually reduces the risk of a cyber threat impacting your operations.
We provide the following services essential to the successful design, implementation, evaluation, and audit of cybersecurity capabilities across your organizations, geographies, and assets.
- Cybersecurity Capability Maturity Model (C2M2) Evaluation Service
We provide a specifically tailored evaluation of the maturity of the organization and processes used to manage cybersecurity. The C2M2 evaluation provides information about an organization's ability to manage unknown or unexpected cybersecurity threats.
The maturity level can be used as a comparable measure of a given organization or asset against other organizations, assets, industry norms, or client requirements. The more mature an organization is, the better prepared it is to fend off a cybersecurity threat.
The maturity model we use is unique in that it combines the NIST Framework for cybersecurity, the DoE Cybersecurity Capability Maturity Model (C2M2), and the Athens Group software systems quality maturity model into a single comprehensive measure of both the cyber technology system and cybersecurity maturity.
The maturity model evaluation can be run as a self-guided survey or as a fully facilitated multi-day workshop. The workshop includes threat profiling using Athens Group’s unique Threat Mode Effect Criticality Analysis (TMECA®). A threat profile is essential to meeting the NIST “Identify” function requirements. It provides a comprehensive and specific profile of malicious and non-malicious threats to your system, which are then used to evaluate cybersecurity performance.
- Cybersecurity Performance Audit and Test Service
We provide a live audit and test of the current state of cybersecurity capability. The audit and testing can be executed alone, or be used to confirm and increase the confidence in the results of the C2M2 evaluation.
Using a combination of cyber threat evaluation tools (phishing, spoofing, penetration, scanning), review and verification of operational technology systems documentation, and face-to-face interviews with key resources, Athens Group can evaluate actual cybersecurity performance.
- Cybersecurity Capability Maturity Improvement Service
Following the execution of a full maturity workshop and a full audit and testing, we provide expert consulting resources to identify gaps in cybersecurity performance and design and execute programs to close those gaps.
Follow-up maturity model evaluation and spot audits can be executed to confirm the progress.
Implementing effective cybersecurity is not merely installing malware detection applications. Athens Group is here to help you protect operational technology (OT) industrial control systems (ICS). Evaluating your cybersecurity capability requires much more than threat scans and penetration testing. We’re here to make you CyberSafe!