M2 spans 17 stages and is grouped into 4 phases. It guides the process and removes the noise that is often related to creating a CyberSecurity program and focuses on true CyberSecurity Transformation. The focus moves the organization from busy work to quantifiably reducing risk.
For the Practitioner tasked with shepherding the organization through M2, an exhaustive practitioner’s guide starts as the foundation. Easing the process of collecting and making sense of disparate pieces of data, a Practitioners Workbook is also leveraged.
In the end, the Practitioner is empowered to Create:
DM – Data Mapping allows the organization to associate key granular data with other data, making collected information more powerful and meaningful to pre-built and custom dashboards and representations.
CC-Cyber Culture leverages included InfoSec Institute CyberAwareness Training to eliminate risk at a key CyberSecurity breach vector, people. CC starts with the rapid, engaging, and short training sessions. CC follows with testing progress using documented scores and Phishing simulation testing across the organization.
VAC – Vulnerability and Compliances provides the mechanisms to identify Software, hardware, and configuration based vulnerabilities through integrations and interfacing to IT Asset Management, IT-Pedia®data, Open Source Vulnerability Scanning, and SCAP Scanning.
ITAM – IT Asset Management allows for the discovery, heterogeneous data source integration, data normalization, white listing, categorization, ownership, lifecycle management, and vendor management related to hardware and software assets.
RM – Risk Management allows the organization to understand and manage the events, triggers, impacts, potential reductions, reduction progress, response plans, and documented testing of those plans.
AM – Audit Management sets the ownership, governance, schedules, and processes for auditing that the policies and controls in effect.
PM – Policy Management provides the ability to document and communicate how policy relates to organizational controls.
CM – Controls Management aligns your organization to the frameworks and regulatory controls they have voluntarily, or are required to follow.
CMO – The Cyber Management Office provides the ability to governance and manage the individual efforts your organization must execute to achieve continued improvement in CyberSecurity
M2 is the bridge between Technology, Leadership, and Process. M2 provides a standardized method to understand, implement, and work toward continued improvement in CyberSecurity
