Cyber Capability/Maturity Assessment

As part of any organisation's commitment to improving its cyber security, it should formally assess its capabilities across many areas to understand its current level of capability/maturity.

This initial assessment, known as a baseline assessment, provides input to an organisation's improvement plan. Therefore, it can be used to measure its improvement over a defined timeframe in areas including governance, process, user education, and the implementation of technical or physical controls to minimise risk.

Improvement is only possible if organisations have an initial formally established position or benchmark from which to measure change, which is why the initial baseline assessment benefits organisations. 

Synovum's cyber-capability assessment (CCA) can assist organisations in building an effective security programme, which will help minimise exposure to cyber risk and ensure a clear strategy for handling future incidents while maintaining a continual improvement and monitoring process.

Consideration would be given to the following areas as part of our CCA:

  • Cyber security policies and procedures.

  • Governance, risk, and compliance (GRC).

  • Regulatory/legal compliance requirements.

  • Physical/information asset management.

  • HR/administrative processes relating to cyber security.

  • Access control measures.

  • Physical security.

  • Network/communication security.

  • Incident response planning/management.

  • Organisational Internet footprint.

To support a structured assessment of an organisation’s capabilities, Synovum utilises industry-standard tools, such as the Cybersecurity Capability Maturity Model (C2M2) assessment criteria created by the US Department of Energy.

From an improvement planning perspective, the C2M2 model content maps across to the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF). If NIST is used as the guiding framework for implementation, the C2M2 can be used to understand, formally, in which NIST functions the improvement is needed.

Following the identification of any gaps through the CCA, a Security Improvement Plan (SIP) will be developed. This plan provides a foundation for setting priorities, assigning ownership, allocating time, money, and human resources, and measuring and improving compliance with the guidelines. 

Please contact us for further information regarding a CCA that we can carry out for your organisation.