Prism Infosec has launched its Cyber Maturity Assessment service to help organisations identify areas of strong cyber security defence and where improvements can be made to their security posture.
The assessment provides the C-suite with a standardised initial benchmark against which to measure cybersecurity maturity and organisational performance.
The Cyber Maturity Assessment is mapped to the National Institute of Standards and technology (NIST) Cybersecurity Framework and covers all five core areas (identify, protect, detect, respond and recover) with maturity graded using five maturity rankings (initial, developing, defined, managed or optimised).
A team of GRC specialist consultants carry out interviews, review documents and observe current practices in order to thoroughly assess, capture and report on the risks.
The end report delivers insights into a variety of areas including asset management, supply chain risks, identity management and access control, staff security awareness, information protection processes and procedures, security monitoring and detection, as well as the effectiveness of response and recovery planning.
“We need to move the needle for businesses to become more risk aware,” said David Adams, GRC Security Consultant, Prism Infosec.
“Organisations need to capture, quantify cyber risk and manage it but many have no idea what their level of maturity is.
“Risk remains an unknown and it is not uncommon to find asset lists that don’t include tangibles such as financial data or intellectual property (IP).”
The Cyber Maturity Assessment service is delivered by practitioners who individually hold more than 25 years’ experience in security assurance testing, are ISO27001 Lead Auditors, CISSP certified and are sector specialists.
They form part of the Governance Risk and Compliance (GRC) Consulting team with the Cyber Maturity Assessment the latest addition to Prism Infosec’s Compliance Framework Assessments.
Suitable for organisations of all sizes from SMEs through to large enterprises, the Cyber Maturity Assessment provides a view on the risks facing the business together with a roadmap of recommendations and estimated timescales to enable the business to achieve its cyber maturity goals.
“Risk varies from business to business,” Adams said.
“Small organisations may have no data protection or risk management process in place and while the large enterprises do have governance in place in the form of a CIO or an internal audit team, these are generally stretched for time and do not have the necessary skill sets to perform security audits.
“To accurately appraise risk requires perspective and an understanding of the nuances of the business which a third party can bring to the process.”