Specialist tells congress education the key to cyber security

The National Business

CYBER Security risks are real so companies must educate themselves about the threats and risks, says an expert.
Patrick Hamilton, a cyber-security specialist supporting the PNG National Cyber Security Centre, was speaking at the security congress in Port Moresby.
He said there are strategies to improving maturity in the cybersecurity space and that is an awareness on the model developed by the United States, the Cyber Security Capability Maturity Model (C2M2).
He said strategies includes assessing your current situation and from there the model that will be providing cyber security capability maturity model (C2M2).
“The next is to take action on policies, user training on solutions about the best, and most cost effective on systems and services,” he said. “And third is to adapt on test the technology and to re-assess.
“Cybersecurity Capability Maturity Model is developed by the United States Department of Energy and United States Department of Home Land Security and released in 2012.”
He said it is a self-assessment process to measure the cybersecurity maturity and to improve the organisation’s maturity and security posture.
Hamilton said it standardises assessments maturity with other organisations and prioritises plan of actions and milestones.
He said the 10 domains of C2M2 were;

  • Asset, change and configuration management (ACM);
  • Cybersecurity programme management (CPM);
  • Supply chain and external dependencies management (EDM);
  • Identity and access management (IAM);
  • Event and incident response, continuity of operations (IR);
  • Information sharing and communications (ISC);
  • Risk management (RM);
  • Situational awareness (SA);
  • Threat and vulnerability management (TVM); and
  • Workforce management.

“C2M2, you can use it in your business, you do not have to be an expert, it is self-assessment where you can then find what your baseline is.”