We help our clients develop a clear view of their cyber security posture by executing for them assessment or audits. Our assessment services are performed using industry-accepted standards such as NIST Cybersecurity Framework, Security and Privacy Controls for Federal Information Systems and Organizations, ISO/IEC 27001 and 27002, etc.
We conduct a thorough review of the client’s existing processes, technology and people in the area of cybersecurity. We interview staff, review all IT environments, security policies, processes, standards, incident response plans, dataflow diagrams, configurations and other documentation describing current controls and their maturity. We run a comparative analysis against the industry-accepted standards and guidelines and develop evaluation ratings. Gap analysis is prepared on the basis of these findings developed in the context of industry-accepted standards.
The recommendations for improving the effectiveness of the client’s security controls have the objective of bringing them in alignment with the industry standards. Prioritization of the findings based on the security impact and order of magnitude time to implement the remediation recommendations help to develop the transformation roadmap.