With cybersecurity attacks on the rise, the need for holistic standards-based Security Services is paramount. Organizations large and small today find themselves battling ever-evolving cyber adversaries in the face of shrinking budgets.

Pictured: Sir Isaac Newton (1690 A.D.)

newton1newton2

Recommended Framework

Deciding how to prioritize cybersecurity spending often becomes a marketing exercise instead of one based upon standards and a sound understanding of cybersecurity risk. With the myriad challenges facing our customers, we understand that the need for a standards-based framework is the best way to achieve consistent cybersecurity outcomes.

Developed in response to Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity” of February 2013, the Framework recommends risk management processes that enable organizations to inform and prioritize decisions regarding cybersecurity based on business needs, without additional regulatory requirements. It enables organizations—regardless of sector, size, degree of cybersecurity risk, or cybersecurity sophistication—to apply the principles and effective practices of risk management to improve the security and resilience of critical infrastructure. The Framework is designed to complement, but not replace or limit, an organization’s risk management process and cybersecurity program and has been adopted by Adapture as the basis of its existing Cyber Security Program.

The three main components of the Framework are the Core Functions, Risk Management Scale, and Maturity Profile.

  1. Identify
    Understand how to manage cybersecurity risk for data, assets, systems, and capabilities based on your risk management strategy and your business goals and needs.
  2. Protect
    Safeguard against cybersecurity risks to ensure delivery of critical infrastructure services and to be able to maintain the impact of a cybersecurity event at a minimum.
  3. Detect
    Develop appropriate activities to help discover occurrences of a cybersecurity event in a timely manner.
  4. Respond
    Develop and implement appropriate activities to address and contain the impact of a detected cybersecurity event.
  5. Recover
    Restore impaired capabilities or critical infrastructure services resulting from a cybersecurity event.

  • Partial
    The cybersecurity risk management is mostly reactive or implemented on a case-by-case basis, and there is limited awareness of cybersecurity risk at the organizational level.
  • Risk Informed
    Risk management practices are prioritized based on business objectives at the discretion of management and may not be established organization-wide.
  • Repeatable
    The organization’s risk management process is established as an organization-wide policy and is updated regularly based on the changing technology and threat landscape.
  • Adaptive
    Cybersecurity risk management is part of the organizational culture. The organization adapts its cybersecurity practices based on past and current cybersecurity activities to be able to respond to evolving threats in a timely manner.

  • Current Profile
    Describes the current cybersecurity posture and the outcomes currently achieved.
  • Target Profile
    Describes the target cybersecurity posture by exposing opportunities for improvement in order to reach cybersecurity risk management objectives.

Implementation

The Adapture Cyber Security Management program addresses the Cybersecurity Framework (CSF) throughout every facet of the program, as illustrated in the adjacent diagram. At each point in the cycle, we address a corresponding Cybersecurity Framework-centered focus. The Adapture Account Executives, Architects, Consultants, and Engineers are all well versed in the framework and its mapping to the Adapture Project Management process.

The tenets of the Cybersecurity Framework are woven in the culture of Adapture, and the implementation of the framework is based on a continuous-improvement methodology. By following the framework, we’re able to help our customers understand their current risk profile and develop a roadmap for improvement with Security Services.

Prioritize & Scope

Define project scope and prioritize areas to be addressed.

Evaluate & Assess

Meet with Adapture facilitator, admin assistant, and subject matter experts to evaluate cybersecurity readiness.

Score & Analyze

Analyze current program and identify areas of vulnerability.

Develop Roadmap

Create a plan for improvement.

Implement New Plan

Acquire new technologies and perform additional assessments.

Review & Re-Evaluate

Review cybersecurity plan regularly to identify new threats.

Related Pages

Auto-Insurance-Company-Smartsheet-Solution-Case-Study-featured
Read Now

Featured Case Study: Leading National Insurance Provider Compliance Solution

A Leading National Insurance Provider Relies On Adapture To Help Strengthen PCI Compliance And Develop A Solid Architectural Design.
Read Now
Client Success Stories

Professional Services Partners

f5 logo
cisco logo
coudflare logo
VMware logo
Paloalto-Logo
Cisco Logo (1)