Improving Cyber Security and Mission Assurance Via Cyber Preparedness (Cyber Prep) Levels

Deborah J. Bodeau, Richard Graubart, Jennifer Fabius-Greene
2010 2010 IEEE Second International Conference on Social Computing  
db@mitre.org), Richard Graubart (rdg@mitre.org), Jennifer Fabius Greene (jgreene@mitre.org) Executive Summary The MITRE-developed cyber preparedness (Cyber Prep) framework provides an approach for addressing the cyber threats that an organization or mission faces; determining the level of preparedness necessary to ensure mission success; facilitating strategic planning for cyber security by setting preparedness objectives; and assisting in the prioritization of cyber security investment
more » ... and management decisions. The nature of cyber threats in general -and advanced cyber threats in particular -requires a longer-term commitment from senior leadership, including vision, strategy, and investment prioritization as well as the organizational agility to respond to ever-changing tactics and techniques. This paper provides recommendations on how to characterize an organization's cyber threat environment and identifies a number of defensive tools and techniques that will provide a solid start for improving security and resiliency against advanced cyber threats. With broad adoption, the five Cyber Prep levels are expected to provide a simple and common method for assessing the degree of cyber preparedness associated with an organization and/or its components.
doi:10.1109/socialcom.2010.170 dblp:conf/socialcom/BodeauGF10 fatcat:2lclhqxhhveqhm6bnjjs23yrmu