PHASE 2. PROTECT:
Critical Infrastructure Management
Mitigate persistent threats to U.S critical infrastructures that depend on Industrial Control Systems (ICS)
Leverage industry frameworks to understand the organization’s strategic profile including business objectives, policies and procedures, and security architecture to develop a Security Program Plan. The Security Program Plan will provide a foundation for organization governance, data protection, risk management, identity and access management, incident response, protective technologies, and security training.
Ensure the confidentiality, integrity, and availability of organization resources and communications by making the organization resilient to evolving cybersecurity risks by communicating organizational intelligence based on threats and business risks to effectively secure information assets and develop optimal business performance.
1 / Discovery
Understand organization risk profile through documentation reviews, evaluation of policies and procedures, and analysis of business objectives.
2 / Coordination
Establish an Integrated Project Team (IPT) to meet and maintain requirements defined by industry regulations
3 / Recommendations
Provide a Security Program Plan that bridges the gap between vulnerabilities and mitigation strategies to establish a strategic approach to organization security