Now that we have a model, where do we even begin?
Here's an example:
- Understand your organization's business goals.
- Identify the people, processes, products, and partners that are critical to meeting those goals:
- Executive stakeholders
- Single points of failure
- Reputation
- Manufacturing equipment and systems
- Intellectual property
- Core systems: databases, servers, networking devices
- Identify the people, processes, products, and partners that support in meeting those goals:
- Human resources
- IT helpdesk
- Program/project management office
- Remote offices
- Prioritize between critical and support.
- Move forward in the prioritized implementation of establishing the means to communicate, collaborate, and execute actions based cyber intelligence to applicable parties: