Security Program

Cyber security is no longer a knee-jerk reaction to an audit or simply a response to a breach. Today's companies are being proactive and want to establish a security program upfront that is aligned to the business requirements and balances risk against benefit to the organization. We offer many services to clients in this space, both in part and in whole, including those listed below.


Cyber Security Framework

We work with our clients to establish an industry-aligned framework, whether it be COBIT, ISO, NERC CIP, NIST, etc. We have even taken industry frameworks and trimmed them down for smaller clients, making them palatable without diminishing the security requirements. The benefit of this approach is that security is applied both holistically and consistently. It affords the use of common language and terms and is recognized by your peers as well as by new employees joining your company.

Maturity Assessment

Independent security reviews and assessments can provide a window into the health of cyber security at specific points, but the key to understanding it across the organization is to begin measuring the maturity of the control practices against each element in the chosen framework.  Management will have a better understanding of where to focus budget and resources by identifying the current state of maturity within each component of the framework.

Depending on the framework chosen, or if you wish to use Iron Spear's simplified maturity framework, we can provide a heat map summary of your current state and will work with you to prioritize your next steps.


Key to a successful security program is organizing a set of initiatives into a roadmap and understanding the objectives behind each. We work with you to define the target state of maturity for your controls and then prioritize the initiatives based not only on risk, but also on business drivers and a realistic ability to implement in a given timeframe. We make our roadmaps pragmatic and tactical in nature, allowing you to clearly envision what is required and simplifying the implementation.

Reporting Metrics 

Reporting is key to the success of any program: if you cannot report on its progress and health, it will be ineffective and may fail. Senior management need a window into the cyber security world without having to spend time trying to understand the technical vulnerabilities and risk. To enable this transparency, we help clients develop key metrics aligned to regulatory requirements and internal policy. This provides upward reporting and assurance to the executive.