Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Why you need C2M2

A powerful cyber-security tool in your toolbox
The Cybersecurity Capability Maturity Model, or C2M2, is a powerful and broad-reaching tool to help you assess your business’s cyber-security maturity.

At Sense of Security, we are experienced in facilitating C2M2 assessments and will expertly guide you through the process.

What is the C2M2?

No one knows for sure who put the lights out in Ukraine in December 2015.

Some 250,000 homes were plunged into darkness when a hacker successfully attacked the Ukrainian national power grid.

Unfortunately, while this was believed to be the first successful cyber-attack of its kind, it wasn’t the last.

The US Department of Energy and the National Institute of Standards and Technology (NIST) developed the Cybersecurity Capability Maturity Model (C2M2) in response to this devastating attack.

C2M2 aims to implement, continually improve and monitor cyber-security practices in IT and OT in the electricity, gas and oil industries.

C2M2 and your business

The C2M2 can be used by businesses of any size or industry, regardless of the complexity of technology you use. It evaluates and improves all aspects of cyber security. The model is publicly available for download.

The C2M2 speaks a common language, using 4 Maturity Indication Levels (MIL) to provide an overview of your risk.

The C2M2 model describes 10 domains or cyber-security practices:

  • Risk management
  • Asset, change and configuration management
  • Identity and access management
  • Threat and vulnerability management
  • Situational awareness
  • Information sharing and communications
  • Event and incident response, continuity of operations
  • Supply chain and external dependencies management
  • Workforce management
  • Cybersecurity program management.

C2M2 details the activities you can implement to establish and mature your capability in each of these domains.

There are moves to adopt C2M2 as an industry benchmark in the Australian energy and utility industries.

The smartest Australian electricity service providers have performed an electricity subsector C2M2 (ES-C2M2) benchmark assessment since 2017.

Sense of Security’s C2M2 assessment

While C2M2 is not a regulatory requirement, it does provide a best-practice guide for assessing cyber-security maturity and can be effectively applied to your business.

Sense of Security has facilitated several C2M2 assessments. We can align the assessment with more relevant security controls for your industry, such as ISO 27001, NIST, ACSC Essential Eight and the Information Security Manual.

At Sense of Security, we engage extensively in facilitating C2M2 assessments. While an assessment may take some months to implement, that’s a much better outcome than sitting in the dark.

Let us guide you through a thorough C2M2 assessment.

Speak to one of our trusted cyber advisors
on 1300 922 923 or make an enquiry today.