AS CONFLICTS CONTINUE, THIS AREA IS CURRENTLY SUBJECT TO HEAVY EDITS AS THE CYBER-SITUATION CHANGES.
There are many other considerations in establishing a “Manufacturer’s Wartime Footing”. The intent of the initiative is to provide guidance to the California Manufacturing Community (Although anyone can leverage this).
There are two focus areas of the Zero-Clear Initiative, being Delivery, and Implementation.
Delivery:
Delivery focusses on how CMTC will provide the guidance.
- Level 1 consists of an impersonal relationship, using fixed assets such as this portal, blogs, vlogs, podcasts, and other methods leveraging a 1 to Many relationship.
- Level 2 involves a 1 to Many relationship, but it is personal in nature. Whether it be live delivery in person, or provided via Zoom or similar, you will have a live instructor (Not previously recorded) that can field questions, tell stories of experience, and other tools that can provide better results than what Level 1’s nature can provide.
- Level 3 is personal, one to one service from a CMTC Subject Matter Expert on all aspects of the Zero-Clear program. We will walk through each of the use cases, provide baseline solutions, and help the client organization identify reasons for why the baseline will or wont work, and further solution if a one-off is necessary.
There is no difference in the nature of the guidance, just the delivery method. Of course, the higher involvement of delivery resources at Levels 2 and 3 often provide a more complete the understanding will be on the receivers end, but even at level 1, you’ll have the concepts at each Implementation Tier.
Our stance on this is that this effort is that it’s too important to hide it behind any type of paywall at the base level.
Implementation
Tier 3 – Very small impact to an organization who is implementing at this level, but provides potentially significant increases in security posture to the organization, depending on the current security posture of the organization. Solutions are geared towards being able to be implemented in short order, and often same day by an implementer with a skillset similar to A+, N+, S+, or similar.
Tier 2 – Moderate impact to an organization who is implementing at this level, but provides potentially a perfect balance between VERY good security posture, without seemingly disconnecting from the Internet and/or causing a complete re-write of the way you do business. Solutions are geared towards being able to be implemented in reasonable order, and often within the weeks to months timeline an implementation team with a skillset similar to MCSE, CCDP, or similar. This team will often include seasoned, battle-hardened engineers with application, systems, network, and security training and experience. These are not coders, but engineers. There is no custom-coding involved with this level.
Tier 1 – High impact to an organization who is implementing at this level, but provides unparalleled security posture in protecting information. This level WILL impose significant changes in organizational policy, operational procedures, and technical controls, tools and configurations to support a VERY resilient target for even the most determined and resourceful adversaries. Solutions do have baselines but EACH part needs to be qualified for completeness of vision and completeness of implementation as it relates to the specific organization, and their specific primary use-case(s), leveraged peripheral use cases. Architecture, engineering, and implementation teams should include multiple thought-leaders at every level in order to “fully bake” the entirety of the use case, at every level.
These teams will often include certifications and degrees such as PhD, CISSP, CCIE, GISP, and the absolute best thought minds in the industry. There is no substitute for the best of the brightest, in mass.
Engagement: Please reach out to your CMTC Client Advisor or to the CMTC Cyberteam leadership directly at info@cmtc.com with questions.