CYBER RESILIENCE ROADMAP

GM-CGC MANUFACTURING CYBER RESILIENCE ROADMAP

OPERATIONALIZING CYBER RESILIENCE

To manage cyber risk in a cost-effective manner based on business requirements, leveraging cybersecurity best practice standards, frameworks, practices, and guidance documents as foundational baselines, the Global Manufacturing Cyber Governance Center operationalizes Manufacturing Sector-Specific Cyber Resilience by providing expertise, resources, tools, templates, technologies, and workforce education.

Working directly with Manufacturing Stakeholders and their respective supply chains, the GM-CGC Manufacturing Cyber Resilience Roadmap (MCRR) tool (2017) helps guide an organization in improving cybersecurity and thereby enabling the sustainability of security and resilience. The roadmap supports all manufacturing organizations, regardless of size or cybersecurity sophistication, and regardless of whether an organization has a mature risk management program and processes managed by a governance structure.

  • Risk Management Principles, Best Practices, and Proven Processes
  • Common Lexicon to Address and Manage Cyber Risk
  • Manufacturing Sector-Specific Governance Structure to Understand and Apply Cybersecurity Risk Management
  • Assess Organizational Current Cybersecurity Posture
  • Map to the Manufacturing Cyber Resilience Targeted Posture – Identifying Gaps and Prioritizing Opportunities for Improvement
  • Communicate Organizational Cybersecurity Posture to Internal and External Stakeholders (Customers, Regulators, Investors, Policymakers)
  • Position the Organization to Receive More Attractive Cybersecurity Insurance Coverage – Demonstrating Use of Sound Cybersecurity Practices
  • Provide the Organization with the Mechanism to Demonstrate a Proven Track Record of Implementing and Continuously Evaluating Risk-Based Cyber Management Practices
  • Benefit from a Highly Skilled Cyber Workforce – A Better Understanding of Required Technical Capabilities, Skills Needed – Guiding Recruiting, Workforce Design, and Training

IMPLEMENTING & DISTILLING THE FIVE CORE FUNCTIONS OF CYBERSECURITY

Identify - Lay the foundation - Identify Systems, Assets, Data, Capabilities and other foundational elements critical to the organization.
Define and Document Supply Chain Ecosystem
Define & Communicate Cyber Resilience Priorities for Critical Services (Risk Management Strategy; Security Policies, Protocols, Programs; Regulatory Requirements; and Cyber Threat Information Sharing and Response - Joining the Global Manufacturing ISAO).

CORE ACTIVITIES

Prioritize & Scope
Orient
Current Cyber Resilience Profile
Risk Assessment
Target Cyber Resilience Profile
Analyze / Prioritize Gaps
Action Plan

Prioritize & Scope

Business/Mission Objectives/Priorities

Cybersecurity Risks/Vulnerabilities

Organizational Components

Orient

Systems/Assets/Requirements

Risk Management Approaches

Evaluate Current Risk Management

Evaluate Current Cybersecurity Posture

Create Cyber Resilience Profile

Current Approaches

Leverage Evaluations/Audits

Current Tools, Standards, Processes

Detect

Anomalies and Events

Security Continuous Monitoring

Detection Processes

Respond

Communications

Analysis

Mitigation

Improvements

Recover

Recovery Planning

Improvements

Communications