Supporting Holistic Enterprise Cybersecurity Value Through Comparability Methodology Assessments.

Year
2021
Author(s)
Nathaniel Evans - Argonne National Laboratory
Amanda Joyce - Argonne National Laboratory
File Attachment
a469.pdf (206.7 KB)
Abstract
The nuclear industry is heavily regulated, and as such compliance is largely the standard and the requirement for best practice. With the evolution of cyber-based attacks on our nation's critical infrastructure, strictly looking at compliance is not enough to ensure that a business is not attacked. Within the risk assessment field, the alternative is known as a comparability model. The benefit of a comparability model is that it allows a grey-scale, risk-based approach when businesses begin to evaluate their cybersecurity best practices, as opposed to a binary compliant or not-compliant result. This comparability approach allows more intelligent and business-sensitive conversations to occur about the allocation of resources, instead of the percentage of compliance an enterprise has with various regulatory standards.

The use of monochrome assessments does not allow additional information to be collected and analyzed to better understand where an enterprise may be mastering its security and/or where an enterprise, while compliant, may be the lowest performer when compared against similar organizations. Comparability allows a conversation about what the desired and appropriate level of security in each area is, given known threats, business needs and risk tolerances. This will be approached through a weighted function that anonymously shows comparative data as referenced by peers in a variety of areas, including protective measures, resilience measures, and dependencies, including cybersecurity-focused dependencies. Cybersecurity dependencies include data at rest, data in motion, data in process and endpoint systems.