Cybersecurity Maturity Assessment

Overview

Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? The Brandvakt Cyber Security Maturity Assessment (CSMA) is a gap analysis and risk assessment that utilizes cybersecurity best practices and recognized cyber frameworks to answer these questions surrounding your existing security program. 

The Brandvakt CSMA is valuable to any organization, regardless of size. The goal of the CSMA is to provide a view of your current security posture, an objective review of existing plans, and a guide to strategic planning. The CSMA will also help your organization develop tactical and strategic directions to further mature and strengthen your security program, ensure efficient use of existing investments, and lay out a trajectory of prioritized activities and their order of implementation.

Brandvakt also aims at aligning your security program with industry best practices and compliance standards.

How it works 

The Brandvakt Cyber Security Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications, and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for each control area, as well as the organizational effectiveness and maturity of internal policies and procedures. The CSMA can be tailored to align with several different recognized cybersecurity control sets and frameworks based on your organization’s goals, industry, and maturity level. Your assessment will be conducted by our Advisory Services experts, who have extensive experience across different areas of security and compliance; this ensures your plan makes the most sense for your organization’s needs.

Assessment Overview

The Brandvakt CSMA engagement is divided into three phases and consists of onsite interviews, remote phone or video interviews, and a detailed review of policy documentation and operational procedures. We aim to be as efficient as possible; help us by being prepared to answer questions that span people, processes, and technology (with the focus being on people and processes).

We will get deep into the weeds talking architecture, strategy, risk, and roadmap to formulate a comprehensive view of your security environment. The final output will consist of the following: 

Key tactical and strategic recommendations

Identified gaps and focus areas

A roadmap for your organization

Summary with an executive analysis and scorecard

Observations by the consultant(s)

A detailed report to help management

The report is intended to address the highest impact and risk areas, and give your subject matter experts detailed information for implementation within your organization.

Specifications

Brandvakt typically bases its CSMA on the CIS Critical Security Controls (CIS-18, formerly CIS20). CIS-18 is a set of prioritized safeguard controls to mitigate the most prevalent cyber-attacks against systems and networks. These controls are mapped to and referenced by multiple legal, regulatory and policy frameworks (including ISO27001).

CIS-18, or CIS Controls v8, has been revised to account for the movement to cloud-based computing, virtualization, mobility, outsourcing, work-from-home and the ever-changing landscape of attacker tactics.

CIS 1 - 18

CIS Control 1: Inventory and Control of Enterprise Assets 

CIS Control 2: Inventory and Control of Software Assets 

CIS Control 3: Data Protection 

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management 

CIS Control 7: Continuous Vulnerability Management 

CIS Control 8: Audit Log Management 

CIS Control 9: Email and Web Browser Protections

CIS Control 10: Malware Defenses 

CIS Control 11: Data Recovery 

CIS Control 12: Network Infrastructure Management 

CIS Control 13: Network Monitoring and Defense 

CIS Control 14: Security Awareness and Skills Training 

CIS Control 15: Service Provider Management 

CIS Control 16: Application Software Security 

CIS Control 17: Incident Response Management 

CIS Control 18: Penetration Testing