Genuine Parts Company determined that its initial cyber maturity assessment needed to create a baseline against a common framework that aligns with NIST CSF and the ISO 27001 controls. Genuine Parts needed to assess multiple units, demonstrate maturity that was aligned with the NIST CSF, and specifically focus on demonstrating maturity performance in managing risk; not just compliance-based.
原装配件定制 CMMI网络成熟度平台 to target these specific areas for improvement in their assessment.
- 应用治理元素
- 运用风险策略
- 实施风险管理
- 实施风险识别
- 确保访问控制管理
- 应用数据安全保护
- 进行组织培训
- 确保系统可靠
- Apply operational protection provisions
- 应用保护规划
- Apply protective technology provisions
- Apply cybersecurity incident detection
- 应用连续监控
- 应用事件响应
- 应用事件处理
- 应用事件恢复
解决方案
Genuine Parts selected the CMMI网络成熟度平台 because of its alignment with globally recognized standards, particularly the NIST Cyber Security Framework (CSF), as it is already an industry benchmark with risk-based controls, as well as its Informative References and alignments across the 20 CIS (Center for Internet Security®)网络安全控制, COBIT的控制, ISA–62443-2-1–2009 (Security for Industrial Automation and Control Systems), ISO/IEC 27001信息安全控制, and the federal controls NIST SP 800-53 Rev. 4 -1提供额外的效用. 成功, Genuine Parts determined that its initial CMMI网络成熟度平台 maturity assessment model be:
- 数字
- 基于风险的
- 提供风险概况/地图
- 易于使用
- 可定制的
- 自学
- Align to the NIST Cyber Security Framework (CSF)
- Align to the ISO 27001 Controls for ease of self-assessment and improvement
- Produce a roadmap for improvement
As Genuine Parts developed its customized risk profile, the descriptors for each frequency of occurrence values led to invaluable discussions among the Genuine Parts senior leaders. 没有这些定义, calibrating their current state and then defining improvement goals would have been nearly impossible.
除了, using the CMMI网络成熟度平台 Maturity Scorecard within each Practice Area Assessment allowed employees to review and understand the People, 过程, and Technology (PPT) objective for each maturity level, and its relative ISO 27001 Informative Reference by Maturity Level. This view provided specific insights for measured vs. targeted maturity levels—an eye-opening experience and a rallying cry for achieving continuous improvement.
已达成的主要绩效目标
While the Genuine Parts Company 澳门赌场官方下载 Security Team could not control the number of security incident tasks it received, it could control how it handled their resolution in a more efficient and timely manner.
Since the CMMI网络成熟度平台 self-assessment in January 2020, they have:
- Reduced Mean Time to Task Resolution (MTTR) from nearly 24 days (23.9) over the previous three quarters to an average of 6.5 days for the first two quarters in 2020
- Decreased the range of Backlog Days for Tasks from as high as 117 days during the previous three quarters, to a low of six days for the first two quarters in 2020
编者按: 阅读全文 正品零件案例研究. 额外的 网络成熟度方面的资源; including a video on how ISACA’s CMMI® Cybermaturity平台 helps CISOs, CIOs, and large enterprise organizations build cyber maturity, visit ISACA’s cyber maturity page.
