CyberTOMP® (Cybersecurity Tactical–Operational Management Process) is a framework designed to help organizations, particularly in the Public Sector, manage and evaluate cybersecurity in a holistic, asset‑focused way. It bridges the gap between strategic standards and the tactical/operational levels where cybersecurity actions truly take place.
What is CyberTOMP®?
CyberTOMP® is a systematic methodology that:
- Uses the business asset as the basic unit of reference for cybersecurity.
- Provides procedural guidance for tactical and operational levels, ensuring alignment with strategic goals.
- Enables holistic management, integrating people, processes, technology, and supply chains.
What is it used for?
CyberTOMP® is applied to:
- Evaluate cybersecurity posture across critical assets.
- Guide decision‑making with clear metrics and proportional effort based on asset criticality.
- Facilitate collaboration among multidisciplinary teams and external providers.
- Support supply chain security, extending cybersecurity requirements to outsourced services.
Key Differentiators
- Asset‑centric approach: Focuses on protecting what truly matters: the business asset.
- Holistic integration: Breaks organizational silos, ensuring unity of action across departments and supply chains.
- Compatibility with standards: Works independently yet aligns seamlessly with existing strategic frameworks (e.g., ISO 27001, NIST, CIS CDM).
- Procedural body: Offers detailed processes, roles, responsibilities, and metrics for tactical and operational levels.
- Optimization algorithms: Incorporates techniques such as genetic algorithms to calculate feasible cybersecurity states quickly and efficiently.
- Practical tools: Includes tools such as FLECO Studio, a lightweight, open‑source application that makes implementation tangible and user‑friendly and helps improve the team's cyber situational awareness.
- Supply chain coverage: Extends cybersecurity management to outsourced SOC services and external providers.
CyberTOMP® transforms cybersecurity from a fragmented set of practices into a coherent, measurable, and collaborative framework, empowering organizations to face evolving cyber threats with confidence.