Our cyber security products span from our next gen SIEM used in the most secure government and critical infrastructure environments, to automated cyber risk reporting applications for commercial and government organisations of all sizes.
The Cybersecurity Capability Maturity Model (C2M2) was established in 2012 to improve the cyber security capabilities of the North American electricity subsector, and to understand the cyber security posture of the grid. Since then, the model has been promoted to help organisations – regardless of size, type, or industry – evaluate, prioritise and improve their cyber resilience.
After the initial release in 2012 and a minor update in 2014, the latest version 2.0 was released in July 2021.
The C2M2 model focuses on the implementation and management of cyber security practices associated with the operation and use of information technology and operational technology assets and the environments in which they operate. The goal is to support continuous improvement and measurement of an organisation’s cyber security capabilities by effectively and consistently evaluating and benchmarking performance.
The C2M2 model includes ten groups of cyber security practices, known as ‘Domains’. An organisation’s capabilities within each of these ‘Domains’ are evaluated and mapped to one of the four defined (cumulative) ‘Maturity Indicator Levels’ (MILs), from which a plan of priorities is created and then implemented, as required. There are 342 cyber security practices in total, spread across the 10 Domains. The practices themselves correspond to Management Objectives or Approach Objectives.
The C2M2 model is not a legal imperative for any organisation. However, it was established to improve the cyber resilience of the North American utilities sector, so it is very relevant to critical infrastructure organisations regardless of jurisdiction.
The Australian Energy Sector Cyber Security Framework (AESCSF) is a cyber security capability maturity model that has been based on C2M2. It aligns with existing Australian Privacy Principles and ACSC Essential Eight Strategies to Mitigate Cyber Security Incidents. Further information can be found here.
The EU Network and Information Systems Directive (NIS Directive) became law in the UK in May 2018 via the NIS Regulations. They form the basis of the NCSC Cyber Assessment Framework (CAF), which provides guidance for organisations responsible for “vitally important services and activities”.
The operators of essential services and digital service providers in the UK are required to keep their networks and information secure and to notify security incidents to “competent authorities” when they occur. Further information about NIS Directive Compliance for Cyber Security can be found here.
Huntsman Security’s technology supports compliance monitoring across the C2M2 model domains. Key areas of capability sit within the following Domains:
Huntsman Security’s cyber security solutions operate in the most mission-critical environments. Our client base comprises critical infrastructure organisations and government departments that include defence, intelligence and law enforcement.