A sound information security program, and an organizational capability commensurate with the unique risks to the organization’s data assets, should rest on a profound understanding of the organization’s cybersecurity posture and level of maturity, its cybersecurity strategy, and the policies that support that strategy, all based on its risk appetite and business objectives. In today’s cyber-frenzied climate, it is fundamental that senior managers and Board members tasked with information security and oversight responsibilities come to expect unvarnished insight into the maturity of their organizations, whether measured against an accepted cybersecurity framework, a standard or regulation, or an industry benchmark, so that adjustments can be made to bring their cybersecurity aspirations in line with the current state of play.
- Current State Assessments Against Key Cybersecurity Frameworks – ISO, NIST, COBIT, SANS CSC
- Cybersecurity Maturity Posture Assessments and Industry Benchmarking
- Developing and Operationalizing Adequate Cybersecurity Policies and Procedures
- Strategy and Training Around Secure Software Development
- Security Awareness and Training Programs
- Information Security and CISO Staffing