Security Programs

We work with our clients to establish an industry aligned framework, whether it be COBIT, ISO, NERC CIP, NIST, etc.  We have even taken industry frameworks and trimmed them down for smaller clients, making them palatable yet not diminishing the security requirements.  The benefit to this approach is both applying security holistically, as well as being consistent.  It affords the use of common language and terms and is recognized by your peers as well as new employees joining your company.

We provide full maturity health assessment services around the framework of choice, be it NIST, ISO, PCI, etc  with executive and board reporting as required.  Our maturity assessments cover the program from the high level, giving management an immediate view of the health of cyber security within IT or OT. Additionally, when done annually, this provides a mechanism to measure the progress of security initiatives and effectiveness of the program over time.

Key to a successful security program is creating a set of initiatives into a roadmap and understanding the objectives behind each. We work with you to define the target state of maturity for your controls and then prioritize the initiatives based not only on risk but on business drivers and realistic ability to implement in a given time frame. We make our roadmaps pragmatic and tactical in nature, allowing you to clearly envision what is required and simplifying the implementation.

The ability to report on progress and health of a program is key to it’s ongoing success. Senior management needs a window into the cyber security world without having to spend time trying to understand the technical vulnerabilities and risk. To enable this transparency, we assist clients to develop key metrics, aligned with regulatory requirements and internal policy. This provides the upward reporting and assurance to the executive.