Data on measuring cybersecurity performance (2022)

Data on measuring cybersecurity performance (2022)

The National Institute of Standards and Technology (NIST) provides a Cybersecurity Framework (CSF) for benchmarking and measuring the maturity level of cyber security programs across all industries. The City uses this framework and toolset to measure and report on its internal cyber security program.The foundation for this measure is the Framework Core, a set of cybersecurity activities, desired outcomes and applicable references that are common across critical infrastructure/industry sectors. These activities come from the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) published standard, along with the information security and customer privacy controls it references (NIST 800 Series Special Publications). The Framework Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level.  The Framework Core consists of five concurrent and continuous functions – identify, protect, detect, respond, and recover.  When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.  The Framework Core identifies underlying key categories and subcategories for each function, and matches them with example references, such as existing standards, guidelines and practices for each subcategory. This page provides data for the Cybersecurity performance measure.Cybersecurity Framework (CSF) scores by each CSF category per fiscal year quarter (Performance Measure 5.12)The performance measure dashboard is available at 5.12 Cybersecurity.Additional InformationSource: Maturity assessment / Scott CampbellContact E-Mail: Scott_Campbell@tempe.govData Source Type: ExcelPreparation Method: The data is a summary of a detailed and confidential analysis of the city’s cyber security program. Maturity scores of subcategories within NIST CFS are combined, averaged and rolled up to a summary score for each major category.Publish Frequency: AnnualPublish Method: ManualData Dictionary

# Load necessary libraries

# Given data
data <- data.frame(
  Control_Name = c("Access Control", "Awareness and Training", "Audit and Accountability", "Assessment, Authorization, and Monitoring", "Configuration Management", "Contingency Planning", "Identification and Authentication", "Incident Response", "Maintenance", "Media Protection", "Phyical and Environmental Protection", "Planning", "Program Management", "Personnel Security", "PII Processing and Transperancy", "Risk Assessment", "System and Services Acquisition", "System and Communication Protection", "System and Information Integrity", "Supply Chain Risk Management"),
  Compliance_Score = c(18, 23, 32, 71, 77, 76, 21, 68, 48, 41, 66, 45, 80, 83, 67, 67, 54, 60, 67, 61)

# Create an interactive bar plot using plotly
plot <- plot_ly(data, x = ~Control_Name, y = ~Compliance_Score, type = 'bar', color = I("royalblue")) %>%
  layout(title = "Data on measuring cybersecurity performance",
         xaxis = list(title = "Control Name"),
         yaxis = list(title = "Compliance Score"))

# Display the plot



Leave a Reply

Your email address will not be published. Required fields are marked *