CyberTOMP® (Cybersecurity Tactical and Operational Management Process) is a comprehensive and systematic framework designed to manage asset-focused cybersecurity from the tactical and operational levels of an organization. It bridges the gap left by traditional high-level cybersecurity standards—such as ISO 27001 or NIST CSF, which often lack detailed procedures for lower organizational layers. CyberTOMP® provides a methodological and procedural foundation that complements these strategic frameworks, enabling consistent and holistic cybersecurity management across departments. The framework introduces structured processes, standardized metrics, and a unified list of expected outcomes (ULEO) to quantitatively assess cybersecurity performance. It emphasizes strategic alignment, holism, and unity of action, empowering organizations to dynamically adapt to evolving cyber threats while maintaining a clear focus on protecting critical business assets and ensuring continuity of operations.
Although the CyberTOMP® framework can be applied in private-sector environments, it is especially designed and particularly useful for public organizations, which often face strong structural compartmentalization into silos, a high dependence on outsourced technical services, and a complex supply chain. CyberTOMP® addresses these challenges by incorporating specific mechanisms that facilitate coordination across functional areas, ensure holistic cybersecurity management, and integrate supply chain dependencies into tactical and operational decision-making
Due to the growing interest among many organizations in adopting the CyberTOMP® framework for holistic cybersecurity management, we have decided to consolidate the model, its guidelines, and the associated tools into a single virtual space. This will make it easier for everyone to access and contribute to the framework, as well as simplify the process of creating and releasing new versions.
This process will be somewhat challenging and will take some time. Please be patient and stay tuned.