Evaluate and plan your cybersecurity program
What’s the problem?
Cyber threats continue to increase, with cybersecurity risks regularly appearing on the Board agenda. Does your organisation have an appropriate cybersecurity program in place and a plan to improve it?
Understanding what you currently have in place, combined with an Action Plan to help you reduce risk, improve your cybersecurity maturity, and strengthen your operational resilience is what our Information Security Maturity Assessments deliver.
Our Maturity Assessments are technology-agnostic and based on sound security principles, meaning they provide guidance tailored to your organisation rather than a ‘buy Product X and all your problems are solved’ approach.
An Oyster IMS Information Security Maturity Assessment comes as a standard package, including a Gap Analysis against best practice, recommendations for your type of organisation and a tailored Action Plan.
Where are we now?
An Information Security Maturity Assessment
- Find out your current Information Security Maturity with a workshop-based status assessment.
- This will allow our security consultants to develop an understanding of your organisation and what cybersecurity practices and program you already have in place.
- The first deliverable will show your status against 10 key cyber security areas graded against a 4-level maturity scale.
Where should we be?
Next, we will plot your current status against where we think you should be. This recommended level will be a function of a number of factors, including:
- Your organisation size and business sector
- If you are in a regulated industry
- If you process personal data
- Your vendor and supplier relationships
- If you have a large number of outsourced processes
You’ll be able to see where the big gaps are and work out what you should deal with first.
How are we going to get there?
A prioritised, phased Action Plan tailored to your organisation
- This will tell you how to go about bridging the gaps and will be prioritised and phased to ensure that you can focus on the most important activities first.
- These activities can be carried out by your own team or in conjunction with Oyster IMS, the choice is yours.
In addition, Oyster IMS will highlight any areas where a deeper dive may be required into any identified areas of risk.
Example Phase one: Actions
- Identify your assets (hardware, software and data) that are key to the delivery of your core business and put them in an inventory or register.
- Record baseline configurations for your key hardware assets to allow viable recovery in the case of unauthorised modification.
- Evaluate all changes to your key assets for risks, benefits and security impacts, combined with an approval stage.
- Ensure that all asset changes and associated risks are documented.
