Cybersecurity Maturity Assessments

A critical technique for assessing the current condition of an organization’s cybersecurity program. 436 Research uses two well-accepted cybersecurity frameworks to conduct these assessments.

Cybersecurity Posture

Determine the client’s overall cybersecurity posture as it relates to NIST, especially in nine critical Topic Areas (TA):

  • Information Security Management and Culture
  • Information Security Planning
  • Security Awareness, Training, and Education
  • Budget and Resources
  • Life Cycle Management
  • Certification and Accreditation
  • Critical Infrastructure Protection
  • Incident and Emergency Response

Cybersecurity Controls

Provide a numerical score for each TA that gives clients a relative rating. The rating is a maturity-model weighted average, with weights based on the company’s view of the relative importance of each NIST TA.

Maturity Level 1: Policies (Are necessary policies documented, in place, read, and understood by all relevant stakeholders?)

Maturity Level 2: Procedures (Are documented procedures in place, with comprehensive training for all relevant stakeholders? Do these procedures define how the company will effectively enforce the cybersecurity policies described at Maturity Level 1?)

Maturity Level 3: Implementation (Are the procedures defined at Maturity Level 2 fully or partially implemented?)

Maturity Level 4: Testing (What levels of testing does the client perform on the technical and procedural controls implemented at Maturity Level 3?)

Maturity Level 5: Integration (Are the implemented controls integrated, and do they work together to create a holistic security fabric?)

Assessment Findings

436 Research will provide a written report and a PowerPoint presentation describing the assessment methodology, with:

  • A summary of the results
  • Maturity ratings by TA
  • A point of view on the current levels and, if necessary, an appropriate level to achieve
  • An Excel worksheet with all raw data. Modifiable weighting will give Harmony the ability to change the importance of specific TAs based on business needs.

The Excel worksheet is a flexible tool: Harmony can change each TA’s relative weighting and use the result to prioritize security investments.

Recommendations for security project investment