December 6, 2019

Cybersecurity Capability Maturity Model

A unique capability maturity model to help healthcare organizations of all sizes analyze, prioritize, and improve their cybersecurity capabilities.

Sensato developed the Cybersecurity Capability Maturity Model to help healthcare organizations of all sizes analyze, prioritize, and improve their cybersecurity capabilities. Designed specifically for the healthcare industry, the model provides a single unified boardroom-to-basement understanding of a hospital’s cybersecurity and privacy.

Sensato’s Cybersecurity Capability Maturity Model was derived from the ‘C2M2 Maturity Model’ designed for use by the U.S. Department of Energy. The maturity model provides flexible guidance to help organizations develop and improve their cybersecurity preparedness across ten critical domains. As a result, the model tends to be at a high level of abstraction and can be interpreted for organizations of various structures and sizes while also fulfilling HIPAA assessment requirements. “We adopted the C2M2 model because of all the other assessments; this model is really comprehensive for the healthcare industry yet uncomplicated. In other words, it is easy to implement, provides a quick turn-around, and gives us a full picture of the client’s cybersecurity and privacy environment to design effective strategies,” stated Kelli Watson, Director of Solutions Delivery.

Sensato’s cybersecurity experts conduct the Cybersecurity Capability Maturity Model program in conjunction with the organization’s IT team over a two-day workshop. The model evaluates the following ten domains, providing measurement that helps organizations identify areas of potential weakness and strength in their security program and forming the foundation for a holistic cybersecurity strategy.

  • Risk Management 
  • Asset, Change, and Configuration Management 
  • Identity and Access Management
  • Threat and Vulnerability Management
  • Situational Awareness 
  • Information Sharing and Communications
  • Event and Incident Response and Continuity of Operations
  • Supply Chain and External Dependencies Management
  • Workforce Management
  • Cybersecurity Program Management 

Methodology

During the workshop, hospitals receive a threat intelligence briefing and discuss overall cybersecurity best practices. Sensato then guides the IT team through the maturity model tool that encompasses the ten critical domains. Once the workshop concludes, Sensato analyzes the findings and crafts a custom set of reports, recommendations, and strategies specific to the organization. The Sensato team also provides a detailed synopsis that helps the organization determine its next steps and the overall plan.  

Sensato’s Cybersecurity Capability Maturity Model program includes several outcome components.

Findings Report: 

A custom report, which analyzes the findings from the workshop, is presented to the client. The report includes results by domain and provides specific guidance on how to address gaps and immature practices.

Strategic Recommendations: 

One of the most valuable outcomes of the Sensato Cybersecurity Capability Maturity Model is the strategic recommendations component. These are not simple recommendations, but the basis of a plan with priorities specific to the organization. Sensato’s strategic recommendations consider the organization’s economics, maturity levels, and risk levels to provide a solid foundation for strategic planning.

Blueprinting:

This interactive planning session walks the client through the findings, represented through a dashboard (shown below), and the strategic recommendations. The dashboard is a critical asset that not only gives the facility an understanding of the findings but also builds the foundation for dialogue, prioritization of investments, tactical and strategic planning, and much more. Sensato includes two planning sessions, allowing the client to hold a conference with the overall team and board/executive committee.

The maturity model is designed to provide a boardroom-to-basement understanding of an organization’s cybersecurity preparedness and capabilities. The model helps focus effort on the ten domains where clients need to make improvements within their hospitals. “What I commonly see among our customers is that they find the dashboard very useful. It is a visual representation of the assessment that helps them summarize the weakness and strengths as well as present the outcomes to their team and executive leadership,” stated Kelli.

To learn more about the program, please contact us