CYBERSECURITY MATURITY MODEL
School: University of Maryland Global Campus (UMGC)
Course: 485
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by ratarver1
CYBERSECURITY MATURITY MODEL VS NIST CYBERSECURITY FRAMEWORK
BY: BOB TARVER
2/11/2024
Introduction
The Department of Energy’s C2M2 cybersecurity maturity model has become a tool for determining and assessing the cybersecurity posture of many organizations, most notably in the energy sector (U.S. Energy Association, 2023).
The main idea behind this model was to link the NIST Cybersecurity Framework to the digitization of the energy sector. It will also support all utility companies as they adapt to any new technological advancements and competition within the energy sector (U.S. Energy Association, 2023).
The NIST Cybersecurity Framework is in use by many organizations in multiple sectors because of its ability to address cyber risks. One of the main differences of the C2M2 model is that it places a great deal of emphasis on the activities of the organization and not just the systems. It also allows an organization to compare its current profile with a target profile that it wants to achieve. In addition, it can help set the necessary priorities when it comes to security products to put in place. The model provides important guidelines for putting cybersecurity practices in place. It provides ten model domains and 312 best practices and is divided among three maturity models (U.S. Energy Association, 2023).
What approach should the organization take in developing the Cybersecurity Management Program?
When it comes to selecting which model to recommend to PBI-FS, I would recommend merging the C2M2 model with the NIST Cybersecurity Framework. By combining the best parts of each model, PBI-FS would get a total view of its cybersecurity posture. The C2M2 would be able to identify any potential gap in the cybersecurity abilities, while the NIST framework would help implement and improve the capabilities, thereby creating a more robust and stronger cybersecurity strategy (MJOLNIR Security, 2023).
What laws and regulations must be addressed by the Cybersecurity Management Program in a Financial Services Firm?
On March 1, 2017, the Department of Financial Services (DFS) enacted 23 NYCRR 500 with the plan to combat the risk of cyber threats. The regulations were recently amended in November 2023 to include how any cybersecurity incident was