ARC View, Page 2
©2018 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com
Vulnerability Management in ARC's Industrial
Cybersecurity Maturity Model
ARC developed its Industrial Cybersecurity Maturity Model to help man-
agers understand their ICS cybersecurity challenges without having to
become cybersecurity experts. The model is also an effective tool for com-
municating the importance of continuous vulnerability management.
ARC ICS Cybersecurity Maturity Model
ARC's Industrial Cybersecurity Maturity Model breaks cybersecurity into a
set of steps that can progressively reduce cyber risks. Each step adds an ad-
ditional layer of security to the foundation provided by all previous steps.
Defense-in-depth is achieved by addressing specific, easily understandable
security issues. These include maintaining accurate inventory of and secur-
ing individual devices, defending plants from external attacks, containing
malware in control system environments, and monitoring systems for and
addressing known vendor-identified vulnerabilities rapidly and in real
time. Each step has an associated set of actions and technologies that can be
used to accomplish its goals.
The ARC model also shows the human resources and tools required to uti-
lize and sustain cybersecurity technology investments effectively.
Technology investments that exceed an organization's resource capabilities
are wasteful, as security benefits quickly erode without constant mainte-
nance.