Cybersecurity Capability Maturity Model (C2M2) Version 2.1 Overview
C2M2 Version 2.1 Overview
The C2M2 is a free tool to help organizations evaluate their cybersecurity capabilities and optimize their security investments.
• Designed for any organization regardless of ownership, structure, size, or industry
• Uses a set of 350+ industry-vetted cybersecurity practices focused on both information technology (IT) and operations technology (OT) assets and environments
• Results help users prioritize cybersecurity investment decisions based on their risk
• Developed in 2012 and maintained through an extensive public-private partnership between the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response and numerous government, industry, and academic organizations
• Recent updates in 2022 reflect new technologies, threats, and practices
Benefits of Using the C2M2
Planning: Maturity model structure facilitates cybersecurity program planning and target-setting
Evaluating: Enables consistent evaluation of cybersecurity capabilities and tracking of progress over time
Prioritizing: Helps companies prioritize actions and investments for cybersecurity improvements
Reporting: C2M2 assessment tools produce views of cybersecurity program status that can be used in reporting
Key Features of the C2M2
Area: Description
Maturity Model: The C2M2 consists of cybersecurity practices that are organized into three progressive levels of cybersecurity maturity.
Management Activities: Management activities measure the extent to which cybersecurity is ingrained in an organization’s culture.
Specificity: The C2M2 is descriptive, not prescriptive. Practice statements focus on outcomes that may be implemented through any number of measures.
Scoping: The C2M2 may be applied to an entire enterprise or to individual parts of the enterprise to enable users to select an appropriate level of granularity.
Usability: A C2M2 self-evaluation can be completed in one day using a free tool that securely records results and generates a detailed, graphical report.
What is a Maturity Model?
• A Crawl/Walk/Run-style set of characteristics, practices, or processes that represent the progression of capabilities in a particular discipline.
• A tool to benchmark current capabilities and identify goals and priorities for improvement.
Model Organized by 10 Domains
• Domains are logical groupings of cybersecurity practices
• Each domain has a short name for ease of reference
ASSET: Asset, Change, and Configuration Management
THREAT: Threat and Vulnerability Management
RISK: Risk Management
ACCESS: Identity and Access Management
SITUATION: Situational Awareness
RESPONSE: Event and Incident Response, Continuity of Operations
THIRD-PARTIES: Third-Party Risk Management
WORKFORCE: Workforce Management
ARCHITECTURE: Cybersecurity Architecture
PROGRAM: Cybersecurity Program Management
Model Structure
Model contains 10 domains
• Approach Objectives: multiple approach objectives in each domain; unique to each domain. Approach objectives are supported by a progression of practices that are unique to the domain (practices at MIL1, MIL2, and MIL3).
• Management Objectives: one per domain; similar in each domain. Each management objective is supported by a progression of practices that are similar in each domain and describe institutionalization activities (practices at MIL2 and MIL3).
C2M2 Adoption by Sector
Since 2012, DOE has responded to more than 2,400 requests for the C2M2 PDF-Based Self-Evaluation Tool from owners and operators in U.S. critical infrastructure sectors and from international partners.
[Chart: C2M2 Tool Requests By U.S. Sector. Data current as of March 2023]
C2M2 Version 2.1 Resources
Visit energy.gov/c2m2, c2m2.doe.gov, or email C2M2@hq.doe.gov for more information.
Model Document: Introduces the model practices, key concepts, and how to use the model
Self-Evaluation Tools: The tool, available on two platforms, offers interactive features and help text, allows users to securely record results, and automatically generates a detailed, graphical report
Self-Evaluation Guide: Guides users to plan and facilitate a self-evaluation workshop with key participants in their organization
Self-Evaluation Workshop Kickoff Presentation: Supports planning for a self-evaluation workshop
Self-Evaluation Cheat Sheet: Offers a placemat-style reference guide for participants during a self-evaluation
Thank You

C2M2 V2.1 Overview Presentation -- July 2023.pptx
