We help you establish a security management program by following the seven-step process described below. We create an Action Plan to address the gaps between your current profile and target profile. The spider charts created by our Cognitive Security Manager give you real-time status of your security management posture.
Step 1: Prioritize and Scope - Identify business/mission objectives and high-level priorities of your organization. Recommend strategic decisions regarding cybersecurity implementation. Determine the scope of systems and assets that support the selected business lines and processes.
Step 2: Orient - Identify related systems and assets, regulatory requirements, and overall risk approach for the business lines or process within scope. Consult sources to identify threats and vulnerabilities applicable to those systems and assets.
Step 3: Create a Current Profile - Develop a Current Profile of your organization by indicating which Category and Subcategory outcomes are currently being achieved. If an outcome is partially achieved, noting this fact will help support subsequent steps by providing baseline information.
Step 4: Conduct a Risk Assessment - Refer to your organization’s overall risk management process or previous risk assessment activities to analyze the operational environment and discern the likelihood of a cybersecurity event and the impact that the event could have on the organization. Identify emerging risks and use cyber threat information from internal and external sources to gain a better understanding of the likelihood and impact of cybersecurity events.
Step 5: Create a Target Profile - Create a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing your organization’s desired cybersecurity outcomes. Consider influences and requirements of external stakeholders such as sector entities, customers, and business partners when creating a Target Profile.
Step 6: Determine, Analyze, and Prioritize Gaps - Compare the Current Profile and the Target Profile to determine gaps. Create a prioritized action plan to address gaps – reflecting mission drivers, costs and benefits, and risks – to achieve the outcomes in the Target Profile. Determine resources, including funding and workforce, necessary to address the gaps. Using Profiles in this manner, we guide you to make informed decisions about cybersecurity activities, support risk management, and enable your organization to perform cost-effective, targeted improvements.
Step 7: Implement Action Plan - Determine which actions to take to address the gaps identified in the previous step and adjust your organization’s current cybersecurity practices. Recommend a risk assessment frequency to improve the quality of risk assessments through iterative updates to the Current Profile, subsequently comparing the Current Profile to the Target Profile, to align your cybersecurity program with the desired goals.
We use our Cognitive Security Management platform to support this methodology and help you establish a unified security management program.