Tier 1 - Partial: There is limited awareness of cybersecurity risk at the organizational level and an organization-wide approach to managing cybersecurity risk has not been established. Organization may not have the processes in place to participate in coordination or collaboration with other entities.
Tier 2 - Risk Informed: There is an awareness of cybersecurity risk at the organizational level but an organization-wide approach to managing cybersecurity risk has not been established. The organization knows its role in the larger ecosystem, but has not formalized its capabilities to interact and share information externally.
Tier 3 - Repeatable: There is an organization-wide approach to manage cybersecurity risk. The organization understands its dependencies and partners and receives information from these partners that enables collaboration and risk-based management decisions within the organization in response to event.
Tier 4 - Adaptive: There is an organization-wide approach to managing cybersecurity risk that uses risk-informed policies, processes, and procedures to address potential cybersecurity events. The organization manages risk and actively shares information with partners to ensure that accurate, current information is being distribute and consumed to improve cybersecurity before a cybersecurity event occurs.
The Greater Houston Partnership Salutes Our Executive Partners