BSides Idaho Falls Preview: Cyber Security Defense Maturity Model

Organizations receive mass amounts of data daily regarding cyber security risks. Too many companies set their cyber security defense strategy based on news stories, vendors and/or a “whack a mole” approach.

My discussion reviews a unique cyber security defensive maturity model (CSDMM) providing security professionals a much clearer understanding of their defensive maturity and capability when deciding what technologies to implement and in what order.

The CSDMM assists organizations with understanding the status of their cyber defense posture. Cyber defense is a journey, and organizations must understand where they fit along the voyage as well as where and what direction they should take.

Many cyber security solutions cost substantial amounts of money, time, and expertise, and not all technologies apply to all entities. Understanding what, where and when is critical for the most secure and cost-effective defense per organization.

This model plots technology families within a scatter plot based on an X-axis of defensive maturity and a Y-axis of capability level, thus assisting firms in knowing where they are and where they want to go. My discussion covers all families with a detailed description as to what areas of security they cover as well as in some instances the products and vendors that cover specific areas.

• Defensive Maturity: Distance down the X-axis towards substantial cyber security defense. The further a technology product resides to the right, the more mature an organization can declare its defense maturity level, i.e. have a SOC > maturity than solely implementing encryption.
• Capability Level: This covers technology sophistication as well as the uniqueness of technology used. As an implementation provides greater impact on an organization’s defense and the newer the technology is in the marketplace, the higher up the Y-axis the technology family resides. The fewer deployments live across industry, the higher (Read more...)