CYBER CAPABILITY ASSESSMENT
As part of its commitment to improving cyber security, any organisation should analyse its current security posture and capabilities in many areas in order to provide a baseline.
This baseline can be utilised to provide a measurement of improvement for the organisation in terms of governance, process, user education, or implementation of technical or physical controls to minimise risk to the organisation. Improvement is only possible if organisations have an initial established position or benchmark from which to measure change.
Through the use of a recognised framework such as the UK government's Cyber Essentials or its '10 steps to cybersecurity', NIST's Cybersecurity Framework v1.1 or the Centre of Information Security's CIS controls, our cyber capability assessment (CCA) process involves determining, documenting and obtaining management’s recognition of the variance between the organisation’s current information/cyber security programme and requirements set forth in the chosen control framework and/or best practice standard.
Synovum's CCA can assist your organisation in building an effective security programme, which will help to minimise exposure to cyber risk, and ensure a clear strategy for handling future incidents while maintaining a process for continual improvement and monitoring.
Consideration would be given to the following areas as part of our CCA:
Cyber security policies and procedures;
Governance and risk management;
Regulatory/legal compliance requirements;
HR/administrative processes relating to security;
Access control measures;
Incident response planning/management;
Organisational internet footprint.
Following identification of any gaps through the CCA, a Security Improvement Plan (SIP) will be developed which provides a foundation for setting priorities, assigning ownership, allocating investments of time, money and human resources and for measuring and improving compliance with the guidelines. The SIP would be aligned with your chosen framework to facilitate compliance, and a road-map to compliance would also be provided.
Following implementation of the SIP, further CCAs should be scheduled to evaluate progress against the initial road-map.
Please contact us for further information regarding a CCA that we can carry out for your organisation.
"My work experience with Andy as senior information security expert was productive in Lebanon, during which he delivered a professional well-drafted product, in a participatory manner."
Peter Salloum, International Development Expert in Conflict/Post-Conflict Countries