Cybersecurity Program Maturity Assessments

Cybersecurity Assessment Services

Cybersecurity Audit:
The objective of a cybersecurity audit is to provide management with an evaluation of the effectiveness of cybersecurity processes, policies, procedures, governance and other controls. The review will focus on cybersecurity standards, guidelines and procedures as well as the implementation of these controls. The audit/assurance review will rely upon other operational audits of the incident management process, configuration management and security of networks and servers, security management and awareness, business continuity management, information security management, governance and management practices of both IT and the business units, and relationships with third parties.

Cybersecurity Maturity Assessment:
A Cybersecurity Maturity Assessment is designed to assist a company in understanding the gaps that exist between their present and ideal future state for protecting digital assets.  Some of the key steps in our gap analysis process are:

• Establish scope – Explicitly define the scope of the work to be performed, including the infrastructure components, hardware software, and locations.

• Identify, collect, and review – Gather and evaluate against industry best practices all current documentation including policies, procedures standards and guidelines.   

• Corroborate – Interview, discuss, and engage relevant stakeholders to understand and document how business and IT processes are aligned with the cybersecurity program. 

• Designate gaps – Document and formalize the gaps identified and make comparisons between your current security practices and the goals identified during the scoping phase.  Work with primary contacts and subject matter experts to finalize a prioritized list of gaps.

• Present gaps – Make presentations to stakeholders to discuss the prioritized list of gaps identified during the assessment and provide advice on the steps required to attain the optimum level of security.

 
Threat Modeling Consultation:
Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources.  Threat modeling is geared toward accomplishing the following:

• Identifying, investigating and rating potential threats and vulnerabilities

• Identifying logical thought processes for defining the system's security

• Creating a set of standard documents that can be used to create specifications and security testing and prevent future duplication of security efforts

• Reducing threats and vulnerabilities

• Defining the overall security level of a system or application