Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.
At Sense of Security, we are experienced in facilitating C2M2 assessments and will expertly guide you through the process.
No one knows for sure, who put the lights out in the Ukraine in December 2015.
Some 250,000 homes were plunged into darkness when a hacker successfully attacked the Ukrainian national power grid.
Unfortunately, while this was believed to be the first successful cyber-attack of its kind, it wasn’t the last.
The US Department of Energy and the National Institute of Standards and Technology (NIST) developed the Cybersecurity Capability Maturity Model (C2M2) in response to this devastating attack.
C2M2 aims to implement, continually improve and monitor cyber-security practices in IT and OT in the electricity, gas and oil industries.
The C2M2 can be used by businesses of any size or industry, regardless of the complexity of technology you use. It evaluates and improves all aspects of cyber security. The model is publicly available for download.
The C2M2 speaks a common language, using 4 Maturity Indication Levels (MIL) to provide an overview of your risk.
The C2M2 model describes 10 domains or cyber-security practices:
C2M2 details the activities you can implement to establish and mature your capability in each of these domains.
There are moves to adopt C2M2 as an industry benchmark in the Australian energy and utility industries.
The smartest Australian electricity service providers have performed an electricity subsector C2M2 (ES-C2M2) benchmark assessment since 2017.
While C2M2 is not a regulatory requirement, it does provide a best-practice guide for assessing cyber-security maturity and can be effectively applied to your business.
Sense of Security has facilitated several C2M2 assessments. We can align the assessment with more relevant security controls for your industry, such as ISO 27001, NIST, ASCS Essential Eight and the Information Security Manual.
At Sense of Security, we engage extensively in facilitating C2M2 assessments. While an assessment may take some months to implement, that’s a much better outcome than sitting in the dark.