
Cybersecurity Capability Maturity Model (C2M2)

ACROSS INDUSTRIES

The Cybersecurity Capability Maturity Model (C2M2) is a service that enables organizations to voluntarily measure the maturity of their cybersecurity capabilities in a consistent manner across 10 domains. The good news is that cybersecurity best practices, such as developing and implementing a cybersecurity maturity model, can be very effective in eliminating the vulnerabilities that cyber-attacks exploit.


A maturity model is a set of characteristics, attributes, indicators, or patterns that represent capability and progression in a particular discipline. A model's content typically exemplifies best practices and may incorporate standards or other codes of practice of the discipline.


A maturity model thus provides a benchmark against which an organization can evaluate the current level of capability of its practices, processes, and methods and set goals and priorities for improvement. Also, when a model is widely used in a particular industry (and assessment results are shared), organizations can benchmark their performance against other organizations. An industry can determine how well it is performing overall by examining the capability of its member organizations. 


To measure progression, maturity models typically have “levels” along a scale. A set of attributes defines each level. If an organization demonstrates these attributes, it has achieved both that level and the capabilities that the level represents. Having measurable transition states between the levels enables an organization to use the scale to: 


  • Define its current state;
  • Determine its future, more mature state; 
  • Identify the capabilities it must attain to reach that future state.


C2M2 objectives include:

  

  1. Strengthen cybersecurity capabilities
  2. Enable consistent evaluation and benchmarking of cybersecurity capabilities
  3. Share knowledge and best practices
  4. Enable prioritized actions and cybersecurity investments

THE CYBERSECURITY CAPABILITY MATURITY MODEL TEN DOMAINS

Risk Management

Establish, operate, and maintain an enterprise cybersecurity risk management program to identify, analyze, and mitigate cybersecurity risk to the organization, including its business units, subsidiaries, related interconnected infrastructure, and stakeholders.

Asset, Change, and Configuration Management

Manage the organization’s assets, including both hardware and software, commensurate with the risk to critical infrastructure and organizational objectives.

Identity and Access Management

Create and manage identities for entities that may be granted logical or physical access to the organization’s assets. Control access to the organization’s assets, commensurate with the risk to critical infrastructure and organizational objectives.

Threat and Vulnerability Management

Establish and maintain plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cybersecurity threats and vulnerabilities, commensurate with the risk to the organization’s infrastructure and organizational objectives.

Situational Awareness

Establish and maintain activities and technologies to collect, analyze, alarm, present, and use operational and cybersecurity information, including status and summary information from the other model domains, to form a common operating picture.

Information Sharing and Communications

Establish and maintain relationships with internal and external entities to collect and provide cybersecurity information, including threats and vulnerabilities, to reduce risks and to increase operational resilience, commensurate with the risk to critical infrastructure and organizational objectives.

Event and Incident Response, Continuity of Operations

Establish and maintain plans, procedures, and technologies to detect, analyze, and respond to cybersecurity events and to sustain operations throughout a cybersecurity event, commensurate with the risk to critical infrastructure and organizational objectives.

Supply Chain and External Dependencies Management

Establish and maintain controls to manage the cybersecurity risks associated with services and assets that are dependent on external entities, commensurate with the risk to critical infrastructure and organizational objectives.

Workforce Management

Establish and maintain plans, procedures, technologies, and controls to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel, commensurate with the risk to critical infrastructure and organizational objectives.

Cybersecurity Program Management

Establish and maintain an enterprise cybersecurity program that provides governance, strategic planning, and sponsorship for the organization’s cybersecurity activities in a manner that aligns cybersecurity objectives with the organization’s strategic objectives and the risk to critical infrastructure.


Copyright © 2022 Digital Workplace Ventures, LLC - All Rights Reserved.