Assessing Maturity for Cybersecurity Program Management

Before you begin read: https://www.energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf

Our class focuses on integrating many different aspects of cybersecurity, information security, and information assurance.  Recent developments in the field of cybersecurity have resulted in a number of “maturity models” which can be used by external assessors to evaluate the maturity level of an organization’s cybersecurity management program.

For this discussion paper, you will need to research the Department of Energy’s Cybersecurity Maturity Model and then compare it to the NIST Cybersecurity Framework and other frameworks listed in the course readings. After you have done so, write a position paper in which you recommend a cybersecurity framework or maturity model as the basis for assessing the cybersecurity program for Padgett-Beale Financial Services. Assessments will be performed on an annual basis beginning one year after the company launches its new operations.

Your 5-7 paragraph position paper must answer the following questions (at a minimum). (You will need to write clearly and concisely to fit all required information into this restricted length.)

What approach should the organization take in developing the Cybersecurity Management program? (What standards or frameworks should be used?)
What laws and regulations must be addressed by the Cybersecurity Management Program in a financial services firm?
What are the best practices that should be put into place to assess the maturity of PBI-FS’s cybersecurity management program?

Please use the following headers to organize the paper:

Introduction

Analysis

Summary

References

Please use only website references from 2019-2021.