Credential theft, social attacks, and errors cause 2/3 of breaches in cyber attacks. Do you know if your Security Program is Mature?
Gauge Your Cybersecurity Program to Improve Your Security Posture
Tangible Security’s Security Program Assessment measures the maturity of your security program against industry standards and delivers actionable recommendations that will improve your security posture, close any gaps, reduce risk, and increase your cyber resilience.
Tangible uses current standards such as NIST, ISO, COBIT or other formats as a starting framework, coupled with our expertise to understand your security program’s current state and gaps to determine its capability maturity level.
How Effective is Your Cybersecurity Program?
Tangible will work with you to examine the quality and effectiveness of your program, identify and understand weaknesses and vulnerabilities, and evaluate your readiness to defend and respond to today’s cyber threats.
Additionally, Tangible may incorporate a cyber resilience review (CRR) as part of the assessment. The CRR is based on DHS CERT standards, and measures incident response management capability. Tangible also performs a technical configuration assessment, to ensure that a sample of the security devices is configured correctly and best able to provide protection when needed.
Security Road Map Development
Tangible Security will build on the findings from the Security Program Assessment and create a Security Road Map. A security "Current State" is established during the assessment. A custom security "Target State" that takes into consideration your specific industry and compliance requirements will be established during the Security Road Map development.
The Security Road Map typically outlines a multi-year strategic and tactical plan with recommendations on sequencing and priority for improving your Security Program’s maturity level over time, and will also provide preliminary budget information for planning purposes.
Security Program Areas Covered:
- Security Program Strategy and Architecture Governance
- Gap Assessment (based on ISO 27001, NIST, HIPAA, GDPR, PCI DSS, COBIT, or other standard)
- Cyber Resilience Review (based on DHS CERT standards for IR)
- Policies and processes including:
- Overall Security
- Access Control
- Data Protection
- Vulnerability Management
- Incident Management
- Secure System Configuration
- Configuration Control
- Wireless Use
- Security Reporting and Metrics
- Security Awareness Training
Technical Capabilities Reviewed
In addition to policies, the Security Program Assessment reviews the technical capabilities of your security posture, identifies capability gaps or configuration errors, and suggests ways and priorities to improve.
- Firewall and Router ACLs
- Remote Access Configuration
- Wireless Configuration
- Vulnerability Scanning & Management
- Patch Management
- System Security Configuration
- Security Device Configuration & Effectiveness
- Incident Response / Management Capability
- Physical Security
- Secure Application Design & Lifecycle Management (if applicable)