Maturity Assessment
How DOes Your Security Program Stack Up?
Determine your organisation’s biggest risks and where to best focus your security efforts.
The goal of the Maturity Assessment is to provide a view of your current security posture and an actionable roadmap based on the identified outcomes. It will also help your organisation develop tactical and strategic directions to further mature and strengthen your security program efforts. In addition, aligning your security program with leading industry frameworks and best practices will further enhance and uplift your program to meet industry compliance standards.
The Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications, and data by assessing your organisation’s defensive posture. The assessment also emphasises operational best practices for each control area and the organisational effectiveness and maturity of internal policies and procedures.
The Maturity Assessment is typically performed against the Center for Internet Security (CIS) Top 20 Critical Security Controls, but can be tailored to align with several different cybersecurity control sets and frameworks based on your organisation’s goals, industry, and maturity level. Additional control sets and frameworks we specialise in currently include:
• ISO/IEC 27001:2013 (ISO 27001)
• Payment Card Industry Data Security Standard (PCI DSS)
• NIST Cybersecurity Framework (NIST CSF)
• NIST Special Publication 800-53 (NIST 800-53)
• NIST Special Publication 800-171 (NIST 800-171)
The engagement is divided into multiple phases and consists of interviews with stakeholders and business owners, an external penetration test, policy and documentation reviews.
We use a flexible approach that fits in with your schedule and aim to be as efficient as possible. Some topics that will be covered include network design and architecture, security requires and controls, risk and strategies which all help build an accurate view of your security environment
As part of the Maturity assessment, we include an External Penetration Test and Security Posture Assessment. These tests identify your external threats, including vulnerable internet-facing systems and leaked organisational credentials and data.
The deliverable for the Maturity Assessment includes:
- A one-page executive summary including a security scorecard
- A roadmap for your organisation’s security journey
- Key technical and strategic recommendations
- Key findings and observations made by our experts
- The identified risks and focus areas
- A detailed report to help management
The report is intended to address areas with the highest impact and risk, and contains actionable strategic and technical recommendations to assist your subject matter experts in addressing the identified security gaps.
Experience
We Have experience working with all industries.
Cybra’s vast service portfolio covers all corporate and enterprise grade systems, networks and applications. Our consultants are not only certified with globally recognised certifications, but have decades of experience consulting in all business verticals and industries, allowing us to use our experience to provide you unrivalled customer service and tailored services to meet your specific security requirements.
Education remains a prime target to cybercriminals due to the private data that many schools and learning centres are custodians of. Education is often under-resourced and faces uphill battles when trying to maintain a strong cyber security posture against new and emerging threats.
We have vast experience in working with Education providers and understanding their specific needs and requirements when it comes to protecting their student and staff information.
Government, particularly local governments and councils, face a multitude of challenges when protecting their assets from cybercriminals. This tends to stem from diverse architectures and systems, legacy applications, changing regulations and compliance and lack of budget.
We have worked extensively with local governments over the years and have a solid understanding of how they work, what they are trying to protect and what outcomes are desirable.
The most popular service we offer with government clients is penetration testing of external internet-connected infrastructure and websites.
Attackers can be opportunistic shoppers — and in the retail industry, they see a potentially vulnerable target. Countless big-name retailers have been hit by data breaches, including Macy’s, Home Depot, CVS, Kay Jewelers, Best Buy, Target and more. The retail sector is a top target for cybercriminals, especially as growing pressure from eCommerce giants forces more and more retail transactions online.
We have performed penetration testing over retail shopping websites, mobile applications and cloud deployments. We have also performed penetration testing designed to satisfy PCI DSS compliance.
The finance industry is always at the coal-face of cybersecurity, providing the most alluring target to would-be attackers. Due to the importance of protecting customer’s data and money, the finance industry is required to abide by some of the strictest regulations and compliance obligations.
We have performed penetration testing of banking infrastructure (internal and external) and of banking mobile applications.
Critical infrastructure, such as power and electricity, is becoming a hot-button cybersecurity topic due to the interconnected nature of new ICS and SCADA infrastructures worldwide.
Attacks on critical infrastructure, industrial espionage, phishing emails and drive-by downloads are just a few of the tactics employed by cybercriminals that can lead to defective products, production downtime, physical damage, injuries and death, the loss of sensitive information and more.
The manufacturing industry is an especially attractive target for cybercriminals for several reasons, including:
* Legacy equipment or industrial IoT devices that were not necessarily put in place with security in mind
• Gaps between IT and operations technology
• Lack of documented training, processes and procedures a
• Failure to conduct adequate risk assessments
The Internet of Things (IoT) is one of the greatest potential weak spots for manufacturers when it comes to cybersecurity. While they gain efficiencies and improve production processes with connected devices and intelligent machinery, the IoT exposes manufacturers to a network easily infiltrated by those looking to do harm.
We have performed penetration testing of critical infrastructure networks, including secure network segmentation testing.
Like the government, health care organisations are privy to a plethora of sensitive information. And like the government, many organizations are not adequately protecting that data. Millions of patients have had access to private records compromised in an ongoing series of costly and high-profile data breaches. The health care industry also has suffered considerably more than other industries when faced with ransomware attacks.
Health care organisations have been a frequent target of cyber-attacks for two primary reasons, the high value of data that these organisations possess and the ease with which hackers are able to access this data. Data gleaned from insecure systems is then sold on the black market, where cybercriminals purchase and sell personal data for a multitude of purposes including espionage and identity fraud.