NOTE:
This is top-quality reference material, and you can take a number of valuable ideas from it for your cybersecurity efforts. Kindly spend a little time to understand it.
The idea is simple and straightforward: if you want to measure the effectiveness of your organization, capabilities and operations from an information security perspective, you must know where you stand, so that you can identify gaps and develop plans to increase effectiveness across the entire enterprise.
You will likely agree that the most effective way to thwart targeted, sophisticated and persistent cyber threats is to have a mature cyber-defense program.
Here, I am sharing with you Capgemini’s Cybersecurity Defense Maturity Evaluation model. It is a good model as it measures an organization’s alignment to the Unified Enterprise Defense strategy across 13 key evaluation domains and sub-components, to quantify an organization’s cybersecurity defensive posture.
The Unified Enterprise Defense structure was developed by Capgemini to outline and characterize all of the important elements that an organization must develop and integrate cohesively, to have an effective strategy for protecting and defending an enterprise from all cybersecurity threats.
They have integrated evidence-based approaches and frameworks such as ISO, NIST and CMMI into their Unified Enterprise Defense strategy.
This strategy drives a comprehensive evaluation for how an organization both protects and defends the enterprise through proper visibility and effective leverage of threat intelligence.
This model spans four major states: Foundational, Reactive, Proactive and Adaptive.
Using these states as a measurement scale, Capgemini’s Cybersecurity Defense Maturity Evaluation evaluates 13 domains with an emphasis on the following cybersecurity functions:
Foundational: The enterprise has started to build out capabilities for foundational areas of security aligned to risk. Operations take place in a distributed manner, and a standardized model and consistent approach have not been defined and do not focus on network defense functions.
Reactive: The enterprise has a baseline of repeatable security operations and may have a dedicated team for network defense. Workloads are cyber response activities, preventing effective defensive operations. Threat intelligence may be leveraged in an ad-hoc capacity.
Proactive: The enterprise has aligned both aspects of securing the enterprise and defending the enterprise into a well-defined industry model. Threat intelligence is integral to daily operations and feeds detective and defensive strategies.
Adaptive: The enterprise has established a mature cyber defense program. Operations continue to mature and adapt through automation efficiencies and partnerships as the threat landscape changes. Custom capabilities are established and threat intelligence managed to the degree that historical data trending enables the security organization to stay ahead of adversaries.
It can give your company an understanding of its existing cybersecurity posture, visibility into gaps and a plan for addressing them, along with a benchmark capability to continually measure your cybersecurity effectiveness.
--
Please leave me your thoughts in the comment section.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking.
She is so obsessed with the cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about cybersecurity on the website and on social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.