Motivating Organizational Cyber Strategies in Terms of PreparednessMay 2017
Download PDF (2.03 MB) As cyber threats evolve, organizations increasingly need to define their strategies for cyber security, defense, and resilience. Cyber Prep is a threat-oriented approach that allows an organization to define and articulate its threat assumptions, and to develop organization-appropriate, tailored aspects of a preparedness strategy. Cyber Prep focuses on advanced threats, but also includes material related to conventional cyber threats. Cyber Prep can be used in standalone fashion, or it can be used to complement and extend the use of other, more detailed frameworks (e.g., the NIST Cybersecurity Framework) and threat models. This paper provides detailed background on the Cyber Prep methodology, to help systems engineers and other analysts who are applying that methodology to understand its nuances and to situate it in the larger landscape of cyber strategic planning and risk management frameworks and methodologies.