How do I know I'm secure?
How do I know I'm secure?
This is the driving question behind security programs. There are a lot of threats out there and twice as many ways to defend.
One solution is maturity and frameworks like the Cybersecurity Maturity Model Certification (CMMC). This model defines 3 levels with increasing cyber defense requirements at each level. It was developed by the US Department of Defense to create a set of guidelines to ensure security of unclassified, non-public government data.
Federal contractors working with government data must be certified with one of these sets of requirements based on their level of interaction. Higher value of data implies higher adversary targeting requiring higher levels of security.
Each level has increasing numbers of practices which must be applied in order to achieve compliance. This lays the roadmap for an organization to increase its security as it increases in size…and threat profile!
If you don't work with government data you might be wondering how or if this applies to you? It does, but it is rarely clear which level you should target. Target too high and you will unnecessarily spend valuable business resources. Spend too little and you will find your data on the dark web.
The Security Energy model takes this same concept and applies it to all organizations, from solopreneurs to fortune 100. The process starts with determining how much influence energy would be worth using against you and then uses a model of attack and defense techniques to identify the minimal set of controls and annual spend you need.
For smaller organizations less than 100 people (Security energy 1-3) the number of threats are finite and you can know you are secure by implementing these controls. As you get higher, the emphasis becomes more on technical prowess and having the right people which is achievable with proportionally more spend.
Regardless of your organization size, Security Energy provides a roadmap to say "I am secure."
If you are a smaller org and feel like you are overwhelmed and priced out of most security solutions, contact me today to become secure within your budget and risk profile.