The Cybersecurity Maturity Execution (CME) Framework V2.0 is conceived from WLC’s collective experience in leading, managing and implementing cybersecurity across various industries and sectors globally.
Cybersecurity Maturity Execution (CME) Framework V2.0
The primary objective of CME is to provide a common framework that is continuously updated with mappings such as the examples below:
1. Global security standards and frameworks
a) ISO/IEC 27001:2022, 27002:2022
b) NIST Cybersecurity Framework V2.0
2. Regional & country-specific legislation
a) NIS2 Directive, Implementing Regulation Annex (EU/EEA)
b) NSM Grunnprinsipper for IKT-sikkerhet V2.1 (Norway)
3. Technical standards
a) CIS Controls V8
b) CSA Cloud Controls Matrix V4.0.12
4. Industry-specific standards
a) ADHICS Standard V2 (UAE – Abu Dhabi)
b) Digital Operational Resilience Act (DORA)
CME was created to complement WLC’s experienced resources in conducting maturity assessments without the complexity of meta standards like Secure Controls Framework.
It was successfully field-tested with selected clients, and their feedback was incorporated into the latest version.
There are 14 key security domains with a total of 291 controls and sub-controls to ensure comprehensive coverage and assessment:
1. Governance & Compliance
2. Risk, Vulnerability & Threat Management
3. Asset Management
4. Information Management
5. Identity & Access Management
6. HR Security, Awareness & Training
7. End-Point Management
8. Cloud & Virtualised Management
9. On-Premise Management
10. Secure Architecture & Development
11. Monitoring & Detection
12. Event & Incident Management
13. Business Continuity & Crisis Management
14. Supply Chain Management
CME V2.0’s 3-tiered assessment control structure supports 4 different assessment methods, from self, guided or managed assessments to a full audit, to suit a variety of clients’ needs.