Constructing a Cyber Preparedness Framework (CPF): The Lockheed Martin Case Study

The protection of sensitive data and technologies is critical in preserving United States (U.S.) national security and minimizing economic losses. However, during a cyber attack, the operational capability to constrain the exfiltrations of sensitive data and technologies may not be available. A cyber preparedness methodology (CPM) can improve operational capability and cyber security. The CPM enables a corporation to (a) characterize cyber threats; (b) determine the level of preparedness necessary to ensure mission success; (c) facilitate strategic planning for cyber security (CS); and (d) establish priorities for CS investment planning and management decisions. The cyber preparedness framework (CPF) underlies the CPM. A corporation's leadership articulates its fundamental approach to risk management (RM) and mission assurance, and determines its target level of preparedness. Typically, corporations utilize the CPF to (a) characterize the caliber of the threat; (b) assess the technical and operational capabilities to counter the threat; and (c) develop the governance and processes necessary to achieve its cyber preparedness level.;The problem that was investigated in this case study was how to construct a CPF for Lockheed Martin (LM) that works in conjunction with a risk management process (RMP). The goal was to extend the CPF into an RMP to construct a risk management framework (RMF) paradigm that can aid similarly large-sized private sector U.S. Government (USG) contractors in implementing the CPM. In this investigation, the author identified the corporate (a) security categorization, (b) cyber threats, (c) cyber threat level, (d) cyber preparedness level, (e) capabilities the corporation should utilize to counter cyber threats, and (f) governance and processes necessary to achieve the cyber preparedness level for a large-sized private sector USG contractor. The results of this investigation were organized in terms of RMP phases. Based on the results, the author constructed an RMF paradigm that can aid similarly large-sized USG contractors in implementing a CPM.