Cybersecurity Maturity Assessment
Overview
Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? The Brandvakt Cyber Security Maturity Assessment (CSMA) is a gap analysis and risk assessment that utilizes cybersecurity best practices and recognized cyber frameworks to answer these questions surrounding your existing security program.
The Brandvakt CSMA is valuable to any organization, regardless of size. The goal of the CSMA is to provide a view of your current security posture, an objective review of existing plans, and a guide to strategic planning. The CSMA will also help your organization develop tactical and strategic directions to further mature and strengthen your security program, ensure efficient utilization of existing investments, and lay out a trajectory of prioritized activities and their order of implementation.
Brandvakt also aims at aligning your security program with industry best practices and compliance standards.
How it works
The Brandvakt Cyber Security Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications, and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for each control area, as well as the organizational effectiveness and maturity of internal policies and procedures. The CSMA can be tailored to align with several different recognized cybersecurity control sets and frameworks based on your organization’s goals, industry, and maturity level. Your assessment will be conducted by our Advisory Services experts, with extensive experience across different areas of security and compliance; this ensures your plan makes the most sense for your organization’s needs.
Assessment Overview
The Brandvakt CSMA engagement is divided into three phases and consists of onsite interviews, remote phone or video interviews, and a detailed review of policy documentation and operational procedures. We aim to be as efficient as possible: Help us by being prepared to answer questions that span people, processes, and technology (with the focus being on people and processes).
Key tactical and strategic recommendations
Identified gaps and focus areas
A roadmap for your organization
Summary with an executive analysis and scorecard
Observations by the consultant(s)
A detailed report to help management
The report is intended to address the highest impact and risk areas, and give your subject matter experts detailed information for implementation within your organization.
Specifications
Brandvakt typically bases the CSMA on the CIS Critical Security Controls (CIS-18, formerly CIS20). CIS-18 is a set of prioritized safeguards that mitigate the most prevalent cyber-attacks against systems and networks. These controls are mapped to and referenced by multiple legal, regulatory and policy frameworks (including ISO 27001).
CIS-18, or CIS Controls v8, was revised to account for the move to cloud-based computing, virtualization, mobility, outsourcing, work-from-home and the ever-changing landscape of attacker tactics.
CIS 1 - 18
CIS Control 1: Inventory and Control of Enterprise Assets
CIS Control 2: Inventory and Control of Software Assets
CIS Control 3: Data Protection
CIS Control 4: Secure Configuration of Enterprise Assets and Software
CIS Control 5: Account Management
CIS Control 6: Access Control Management
CIS Control 7: Continuous Vulnerability Management
CIS Control 8: Audit Log Management
CIS Control 9: Email and Web Browser Protections
CIS Control 10: Malware Defenses
CIS Control 11: Data Recovery
CIS Control 12: Network Infrastructure Management
CIS Control 13: Network Monitoring and Defense
CIS Control 14: Security Awareness and Skills Training
CIS Control 15: Service Provider Management
CIS Control 16: Application Software Security
CIS Control 17: Incident Response Management
CIS Control 18: Penetration Testing