Athens Group Services offers the following services essential to the successful design, implementation, evaluation, and audit of cybersecurity capabilities across your organizations, geographies, and assets.
Cybersecurity Capability Maturity Model (C2M2) Evaluation
This is a specifically tailored evaluation of the maturity of an organization and the processes used to manage cybersecurity. The C2M2 evaluation provides insights about an organization’s ability to manage unknown or unexpected cybersecurity threats.
The maturity level can also be used as a comparable measure of a given organization or asset against other organizations, assets, industry norms, or client requirements. The more mature an organization is, the better prepared it is to fend off a cybersecurity threat.
The maturity model we use is unique in that it combines the NIST Framework for cybersecurity, the DoE Cybersecurity Capability Maturity Model (C2M2), and the Athens Group software systems quality maturity model into a single comprehensive measure.
The evaluation can be run as a self-guided survey or as a fully facilitated multi-day workshop. The workshop includes threat profiling using Athens Group Services’ unique Threat Mode Effect Criticality Analysis (TMECA®). A threat profile is essential to meeting the NIST “Identify” function requirements. It provides a comprehensive and specific profile of malicious and non-malicious threats to your system, which are then used to evaluate cybersecurity performance.
Cybersecurity Performance Audit and Test
We provide a live audit and test of the current state of cybersecurity capability. The audit and testing can be executed alone, or be used to confirm and increase the confidence in the results of the C2M2 evaluation.
Using a combination of cyber threat evaluation tools (phishing, spoofing, penetration, scanning), review and verification of operational technology systems documentation, and face-to-face interviews with key resources, Athens Group can evaluate actual cybersecurity performance.
Cybersecurity Capability Maturity Improvement
Following the execution of a full maturity workshop and a full audit and testing, we provide expert consulting resources to identify gaps in cybersecurity performance and design and execute programs to close those gaps.
Follow-up maturity model evaluation and spot audits can be done to confirm the progress.
Don’t let your people and processes introduce cyber risks to your operations. Implementing effective cybersecurity requires comprehensive end-to-end evaluation, re-design and evolution of human factors and business processes. As with quality, you cannot test cybersecurity into a system – you must design it in.
Implementing and evaluating effective cybersecurity requires much more than just installing malware scanning applications and executing penetration testing. You are trying to protect operational technology (OT) industrial control systems (ICS), not just email.
In fact, detection methods like malware scanning and penetration testing are the least effective way to implement and evaluate ICS cybersecurity because they give you a false sense of security. This is because when a threat gets through and you detect it, the damage is done.
The most effective cybersecurity programs focus on preventing malware from gaining access to your systems. If a threat breaches your system, having response and recovery capabilities that mitigate the damage is critical to ICS survival. Comprehensive organizational and operational behavioral policies and procedures achieve prevention, response, and recovery.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework and US Dept. of Energy cybersecurity maturity models are at the foundation of Athens Group Services Cybersecurity. These guidelines provide highly effective and widely accepted models for designing, implementing, and evaluating cyber threat vulnerability.
In summary, our services go beyond determining if a specific asset is protected at a specific moment from a known threat. Our goal is determining if your people and processes are capable of continually managing and improving cybersecurity in a manner that continually reduces the risk of a cyber threat impacting your operations.
Implementing effective cybersecurity is not merely installing malware detection applications. Athens Group Services is here to help you protect operational technology (OT) industrial control systems (ICS). Evaluating your cybersecurity capability requires much more than threat scans and penetration testing. We’re here to make you CyberSafe!