Cyber Maturity and Benchmarking

Cyber security is the latest buzz word in a world that is already complicated. Traditional approaches have been to leave it up to IT or the annual external audits, however with recent high profile events, management and C-level executives are now concerned about cyber security and can no longer afford to put it on the backburner.

One of the challenges for the executives is to gain insight into the status of cyber security within their organization without being weighed down by technical jargon or being scared off by prophets of doom.

IT and security managers are typically too embedded to see the greater picture and can report on the health on components, but not the overall program.

Iron Spear’s Cyber Maturity Service (CMS) is a review of your organization’s level of cyber control and your ability to protect and defend against cyber threats.

This is not a technical audit, rather a walkthrough of your complete environment and comparing it to industry standards such as the NIST Cybersecurity Framework (CSF). The CMS will assess your individual processes, documents, technology and people at level that provides good understanding, without being a crippling audit. North American industries have widely adopted the NIST CSF, and we have developed simplified control assessment questions associated to each NIST CSF subcategory, which guide our experts in the assessment.

Using this standard model has allowed us to develop a consistent approach to the maturity assessment, no matter the organization or industry. This enables Iron Spear to provide not only your current state of maturity, but also how you compare to your industry peers*. We are able to benchmark customers and tailor their target states of maturity based on their industry, regulatory requirements and overall risk appetite of the executive.

Our methodology has been developed and refined over the five years since the CSF was released. We have performed over 100 of these assessments to date and are able to provide valuable input into your annual strategy and security roadmap based on the results of these assessments.

At the end of each assessment, we will provide:

• An executive summary of the current state and key areas for improvement, with maturity graphics to include in presentations and reports that provide a view of your cyber security health at a quick glance.
• A report detailing the gaps identified, as well as recommendations and priorities to include in your cyber security roadmap.