How does your current cybersecurity posture look? Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? How do you compare with your peers? Why a cybersecurity maturity assessment?
Most of the answers to these questions lie in an organisation's cybersecurity maturity, and a security maturity assessment is the most direct way to surface them.
What is a CyberSecurity Maturity Assessment:
A cybersecurity maturity assessment examines the specific controls that protect an organisation's critical assets, infrastructure, applications and data, and rates how well they hold up as a defensive posture. It also looks at operational best practice in each control area, and at the effectiveness and maturity of the internal policies and procedures behind the controls.
Common Problems with Organisations:
The real problem is usually the organisation's philosophy about cyber security.
The graphic below, produced by the Enterprise Strategy Group, does a good job of explaining why some companies never get around to taking effective measures to manage cyber risks and threats.
Benefits of CyberSecurity Maturity Assessment:
1 - Provide Current CyberSecurity Posture:
Organisations often have controls in place but do not use them effectively. A typical example is deploying a large firewall and then doing nothing else. Having logs and a firewall is great, but if nobody is looking at them, they do no good at all.
The assessment examines the relevant internal processes and technologies, then interviews the stakeholders within your organisation who understand how its security functions actually operate. The result is a full picture of current cybersecurity strengths and weaknesses.
2 - Benchmarking Against Industry:
You can compare your current security posture against that of your peers, which shows where your organisation stands relative to current industry practice.
3 - Help In Optimising Security Investments:
Organisations often concentrate on a few security controls and deploy several technology products that all serve the same control, so capabilities overlap.
A cybersecurity maturity assessment reduces cost by identifying these redundancies and the resulting replacement opportunities.
4 - Balancing Cyber Security Portfolio:
Organisations also tend to invest heavily in some functions (Identify and Protect) while overlooking others (Respond and Recover), which leaves them unprepared when a control fails.
A cybersecurity maturity assessment finds these gaps so that you can balance investment across the functions rather than concentrating it in one, giving a better overall security posture.
5 - Security Strategy And Roadmap:
Once an organisation knows its current security posture and decides to improve it, the cybersecurity maturity assessment provides the basis for defining a security strategy and a prioritised implementation roadmap.
6 - Help CISOs To Communicate Security To Board:
It helps CISOs communicate the security plan to a board that may not understand the nitty-gritty of cyber security. An assessment usually produces a scoring system that gives a fast indication of which security control processes are under-achieving or need tuning against security targets.
Infosec leaders have a number of security maturity models and frameworks to choose from, including the U.S. National Institute of Standards and Technology's (NIST) Cybersecurity Framework, ISO 27001, The Open Group's O-ISM3, the Information Security Forum's Maturity Model Accelerator Tool and ISACA's COBIT.
While the Cybersecurity Maturity Assessment is particularly valuable to medium and large businesses, organizations of any size can benefit from it.
FireShadows CyberSecurity Maturity Assessment:
The FireShadows cybersecurity maturity assessment program considers both the internal and the external perspective of an organisation. It uses cybersecurity best practices and a recognised framework (NIST) to answer the questions above about your existing security program.
Internal Assessment (NIST Based):
The aim is to understand the organisation's preparedness to deal with today's most sophisticated attacks. This assessment examines your relevant internal processes and technologies, then interviews the stakeholders within your organisation who understand how its security functions operate.
- People: a questionnaire based on 10+ years of experience working with numerous clients that run long-established security operations centres and security teams,
- Process: a questionnaire based on the foundations of ISO 27001,
- Technology: technical controls assessed against the NIST Cybersecurity Framework
External Assessment (OSINT Based):
This helps an organisation see how it looks from the outside (the attacker's view). FireShadows evaluates SSL/TLS security, web security, DNS security and mail security using open source intelligence, and produces an overall external security score.
Combining the internal and external assessments, FireShadows develops a profile (cybersecurity score) showing your current security posture and benchmarking you against your peers. It also provides a security strategy and a prioritised roadmap to improve that posture.
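As an added illustration of what an OSINT-based external score can be built from, the script below (example code written for this page, not FireShadows' own tooling or scoring weights) rates the four areas named above from the kind of data that is publicly observable: DNS TXT records for SPF and DMARC, DNSSEC and CAA presence, the negotiated TLS version and certificate lifetime, and HTTP response headers. The weights, the area names and all sample inputs (the `example-corp.test` domain, its records and headers) are constructed assumptions so that the script runs offline; in practice the inputs would come from DNS lookups, a TLS handshake and an HTTP request against the organisation's public hosts.

```python
"""Score an organisation's externally visible posture from OSINT-style inputs.

All inputs are constructed inline (no network access); weights are assumptions.
"""

# --- Constructed sample inputs for a fictional domain (not a real organisation) ---
SAMPLE_DOMAIN = "example-corp.test"
SAMPLE_TXT_RECORDS = {
    "example-corp.test": ["v=spf1 include:_spf.mail.test ~all"],
    "_dmarc.example-corp.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example-corp.test"],
}
SAMPLE_DNS = {"dnssec_signed": False, "caa": []}          # as observed via dig/drill
SAMPLE_TLS = {"protocol": "TLSv1.0", "certificate_days_remaining": 12}
SAMPLE_HTTP_HEADERS = {"Strict-Transport-Security": "max-age=300", "X-Frame-Options": "DENY"}


def parse_tags(record):
    """Parse a 'k=v; k=v' record (DMARC style) into a lower-cased dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def score_mail(txt_records, domain):
    """SPF (50 points) + DMARC (50 points); returns (score, findings)."""
    score, findings = 0, []
    spf = [r for r in txt_records.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records (RFC 7208 treats this as a permanent error)")
    else:
        mechanism = spf[0].split()[-1].lower()       # last term decides unmatched senders
        if mechanism == "-all":
            score += 50
        elif mechanism == "~all":
            score += 35
            findings.append("SPF ends with ~all (softfail); consider -all")
        else:
            score += 10
            findings.append(f"SPF ends with {mechanism}; unauthorised senders are not rejected")
    dmarc = [r for r in txt_records.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "none").lower()
        score += {"reject": 50, "quarantine": 35, "none": 10}.get(policy, 0)
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address; aggregate reports are lost")
    return score, findings


def score_dns(dns):
    """DNSSEC signing (60 points) and a CAA record (40 points)."""
    score, findings = 0, []
    if dns.get("dnssec_signed"):
        score += 60
    else:
        findings.append("zone is not DNSSEC signed")
    if dns.get("caa"):
        score += 40
    else:
        findings.append("no CAA record: any public CA may issue for this domain")
    return score, findings


def score_tls(tls):
    """Negotiated protocol (60 points) and certificate lifetime (40 points)."""
    score, findings = 0, []
    protocol = tls.get("protocol", "")
    if protocol == "TLSv1.3":
        score += 60
    elif protocol == "TLSv1.2":
        score += 50
    else:
        findings.append(f"{protocol or 'unknown protocol'} negotiated; only TLS 1.2+ should be offered")
    days = tls.get("certificate_days_remaining", 0)
    if days <= 0:
        findings.append("certificate expired")
    elif days < 30:
        score += 20
        findings.append(f"certificate expires in {days} days")
    else:
        score += 40
    return score, findings


WEB_HEADERS = {                                          # header -> weight (assumed)
    "strict-transport-security": 30, "content-security-policy": 30,
    "x-content-type-options": 20, "x-frame-options": 20,
}


def score_web(headers):
    """Presence of hardening headers, with a penalty for a short HSTS max-age."""
    lower = {k.lower(): v for k, v in headers.items()}
    score, findings = 0, []
    for name, weight in WEB_HEADERS.items():
        if name in lower:
            score += weight
        else:
            findings.append(f"missing {name}")
    hsts = lower.get("strict-transport-security", "")
    if hsts:
        max_age = 0
        for directive in hsts.split(";"):
            directive = directive.strip().lower()
            if directive.startswith("max-age="):
                try:
                    max_age = int(directive[len("max-age="):])
                except ValueError:
                    pass
        if max_age < 31536000:                           # one year, the usual minimum
            score -= 15
            findings.append(f"HSTS max-age={max_age} is below one year")
    return max(score, 0), findings


def external_score(txt_records, domain, dns, tls, headers):
    """Combine the four areas into one report; overall is the plain mean."""
    areas = {
        "mail": score_mail(txt_records, domain),
        "dns": score_dns(dns),
        "tls": score_tls(tls),
        "web": score_web(headers),
    }
    overall = round(sum(s for s, _ in areas.values()) / len(areas))
    return {"overall": overall,
            "areas": {k: s for k, (s, _) in areas.items()},
            "findings": {k: f for k, (_, f) in areas.items()}}


if __name__ == "__main__":
    report = external_score(SAMPLE_TXT_RECORDS, SAMPLE_DOMAIN, SAMPLE_DNS, SAMPLE_TLS, SAMPLE_HTTP_HEADERS)
    print("overall:", report["overall"], "areas:", report["areas"])
    for area, items in report["findings"].items():
        for item in items:
            print(f"  [{area}] {item}")
```

The per-area findings, not the number, are what an organisation can act on: for the constructed domain the score is low because SPF softfails, DMARC only monitors, the zone is unsigned, TLS 1.0 is still negotiated and the certificate is about to expire. The same structure extends naturally to other observable signals (open ports, leaked credentials, exposed admin panels) by adding an area function that returns a (score, findings) pair.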