Cyber security is no longer a knee-jerk reaction to an audit or simply a response to a breach. Today's companies are being proactive and want to establish a security program up front that is aligned with the business requirements and meets the goals of risk mitigation. We offer many services to clients in this space, either individually or as part of a complete program, including those listed below.
Cyber Security Framework
We work with our clients to establish an industry-aligned framework, whether it be COBIT, ISO, NERC CIP, NIST, etc. We have even taken industry frameworks and trimmed them down for smaller clients, making them palatable yet not diminishing the security requirements. The benefit of this approach is that security is applied both holistically and consistently. It affords the use of common language and terms and is recognized by your peers as well as new employees joining your company.
We provide full maturity health assessment services around the framework of choice, be it NIST, ISO, PCI, etc., with executive and board reporting as required. Our maturity assessments cover the program from the high level, giving management an immediate view of the health of cyber security within IT or OT. Additionally, when done annually, this provides a mechanism to measure the progress of security initiatives and the effectiveness of the program over time.
Key to a successful security program is organizing a set of initiatives into a roadmap and understanding the objectives behind each. We work with you to define the target state of maturity for your controls and then prioritize the initiatives based not only on risk but also on business drivers and the realistic ability to implement them in a given time frame. We make our roadmaps pragmatic and tactical in nature, allowing you to clearly envision what is required and simplifying the implementation.
The ability to report on the progress and health of a program is key to its ongoing success. Senior management needs a window into the cyber security world without having to spend time trying to understand the technical vulnerabilities and risk. To enable this transparency, we help clients develop key metrics, aligned with regulatory requirements and internal policy. This provides the upward reporting and assurance to the executive.