Improving Cyber Security and Mission Assurance viaCyber Preparedness (Cyber Prep) Levels

摘要

Increasing dependence on cyberspace makes preparedness against cyber threats integral to mission assurance. The nature of cyber threats in general — and advanced persistent threats in particular — requires a longer-term commitment from senior leadership, including vision, strategy, and investment prioritization as well as the organizational agility to respond to ever-changing tactics and techniques. The cyber preparedness (Cyber Prep) methodology enables an organization to (1) characterize the cyber threats that an organization or mission faces; (2) determine the level of preparedness necessary to ensure mission success; (3) facilitate strategic planning for cyber security by setting preparedness objectives; and (4) establish priorities for cyber security investment planning and management decisions. This paper presents the framework underlying the Cyber Prep methodology.