The ADAPTURE Cyber Security Program Is Based on The Cybersecurity Framework
With cybersecurity attacks on the rise, the need for holistic standards-based security solutions is paramount. Organizations large and small today find themselves battling ever-evolving cyber adversaries in the face of shrinking budgets. Deciding how to prioritize cybersecurity spending often becomes a marketing exercise instead of one based upon standards and a sound understanding of cybersecurity risk. With the myriad challenges facing our customers, we understand that a standards-based framework is the best way to achieve consistent cybersecurity outcomes.
Developed in response to Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity” of February 2013, the Framework recommends risk management processes that enable organizations to inform and prioritize decisions regarding cybersecurity based on business needs, without additional regulatory requirements. It enables organizations—regardless of sector, size, degree of cybersecurity risk, or cybersecurity sophistication—to apply the principles and effective practices of risk management to improve the security and resilience of critical infrastructure. The Framework is designed to complement, but not replace or limit, an organization’s risk management process and cybersecurity program and has been adopted by ADAPTURE as the basis of its existing Cyber Security Program.
The three main components of the Framework are the Core Functions, Risk Management Scale, and Maturity Profile.
Understand how to manage cybersecurity risk for data, assets, systems, and capabilities based on your risk management strategy and your business goals and needs.
Safeguard against cybersecurity risks to ensure delivery of critical infrastructure services and to keep the impact of a cybersecurity event to a minimum.
Develop appropriate activities to help discover occurrences of a cybersecurity event in a timely manner.
Develop and implement appropriate activities to address and contain the impact of a detected cybersecurity event.
Restore impaired capabilities or critical infrastructure services resulting from a cybersecurity event.
Cybersecurity risk management is mostly reactive or implemented on a case-by-case basis, and there is limited awareness of cybersecurity risk at the organizational level.
- Risk Informed
Risk management practices are prioritized based on business objectives at the discretion of management and may not be established organization-wide.
The organization’s risk management process is established as an organization-wide policy and is updated regularly based on the changing technology and threat landscape.
Cybersecurity risk management is part of the organizational culture. The organization adapts its cybersecurity practices based on past and current cybersecurity activities to be able to respond to evolving threats in a timely manner.
- Current Profile
Describes the current cybersecurity posture and the outcomes currently achieved.
- Target Profile
Describes the target cybersecurity posture by exposing opportunities for improvement in order to reach cybersecurity risk management objectives.
The ADAPTURE Cyber Security Management program addresses the Cybersecurity Framework (CSF) throughout every facet of the program, as illustrated in the adjacent diagram. At each point in the cycle, we address a corresponding Cybersecurity Framework-centered focus. The ADAPTURE Account Executives, Architects, Consultants, and Engineers are all well versed in the framework and its mapping to the ADAPTURE Project Management process.
The tenets of the Cybersecurity Framework are woven into the culture of ADAPTURE, and the implementation of the framework is based on a continuous-improvement methodology. By following the framework, we’re able to help our customers understand their current risk profile and develop a roadmap for improvement.