Cybersecurity Risk and Posture Assessment
Evaluate Your Mid-Sized Organization's Readiness Against Cyber Threats
Our Mid-Size Cybersecurity Risk and Posture Assessment helps identify and analyze potential risks to an organization's information and information systems by assessing security controls, policies, and procedures, leveraging frameworks such as the Center for Internet Security (CIS) Controls.
- Cyber Risk and Posture Roadmap Strategy Report: A high-level, focused, and prioritized three (3) year roadmap strategy to address the findings of the assessment
- Improved Protection of Sensitive Data and Systems: A cybersecurity assessment helps to identify potential vulnerabilities in your organization's networks, systems, and data, to help prevent cyber-attacks and protect sensitive information
- Enhanced Compliance with Relevant Regulations: Your organization may be required to comply with certain regulations or industry standards related to cybersecurity. Having a cybersecurity roadmap in place helps you meet these requirements
- Increased Customer Trust: Customers are increasingly concerned about the security of their personal data and having a robust cybersecurity plan can help to build trust and establish your organization as a responsible steward of sensitive information
- Reduced Financial and Reputational Risks: Cybersecurity breaches can result in significant financial losses, as well as damage to an organization's reputation. Having a cybersecurity program in place can help to minimize these risks. This assessment is a first step in understanding what is required to make the most impactful reduction of risk
- Improved Organizational Resilience: A strong cybersecurity posture helps your organization recover faster from a cyber-attack or security incident, reducing the overall impact on your operations
Long View’s approach to cybersecurity reporting is to right-size the strategy recommendations and the report for your organization. All organizations have different requirements, so one solution does not work for everyone. Additionally, a report hundreds of pages long will typically go unread and unresolved. Core to our approach are the following principles:
- Incorporate established industry assessment frameworks as inputs to ensure guidance and recommendations are based on systematic methodology and quantifiable data, rather than subjective feelings
- Prioritize the implementation of basic security measures before proposing more advanced solutions for your mid-sized environment
- While it is not feasible to fully eliminate risk, it is important to prioritize the protection of critical assets, for the short- and long-term
- The cybersecurity strategy is developed with the needs and concerns of multiple stakeholders in mind, including business leadership, IT leadership, and the team responsible for implementing the strategy
- The report serves as the foundation for a successful cybersecurity program and must be aligned with the goals and objectives of your business
The written strategy is typically 30-40 pages with the following elements:
- Executive Summary to provide your business leaders with budget requirements to move forward, timeline, five (5) key findings, and five (5) calls to action
- Assessment Methodology discussing the frameworks leveraged
- Current State Observations and Recommendations broken down into three (3) themes based on the findings for all levels of the business
- Roadmap based on approximately ten (10) initiatives/projects in alignment with the three (3) main themes discovered during assessment, and high-level budgetary estimates/hours of effort to implement
- After the baseline assessment, two (2) additional Target State Assessments are created leveraging the roadmap to predict the potential state halfway through the roadmap, and upon completion of the roadmap
- Evidence provided in a clickable
Core to the assessment process are business and technical workshops. These workshops should not be considered an audit; instead, they are intended to be collaborative and educational. They are used to gain insight into upcoming projects and pain points, and to educate the teams regarding security technologies and concepts.
The business workshop typically takes two (2) hours (in 1 or 2 sessions) with the goal of understanding the alignment of your business and IT needs (and direction), processes and procedures (including effectiveness), risk management, organizational structure, staffing, budget, and roadmap brainstorming. Stakeholders typically involved in these workshops include IT directors and executives such as CIO, CISO, and CFO.
The technical workshop is interactive and typically takes six (6) hours spread out over several days. The technical workshops work through 130 safeguards of the 18 CIS Controls and are used to provide context into any gaps within business and technical processes, as well as any vulnerabilities to the organization. Typically, these workshops involve staffing from security and infrastructure teams. Participation from both technical and management resources is important to understand how the IT and security teams interact with the business.
Cybersecurity is an ongoing process. After the report is created, the project includes up to three (3) 90-minute meetings to review and present findings to stakeholders within your organization.
Typically, the first presentation is given to the team involved with the project and gives them an opportunity to review the report and provide feedback on any corrections or revisions. For the following meetings, it is up to your organization to determine what would most help you move forward with roadmap implementation.
Examples of sessions include:
- Q&A regarding concepts or findings within the report
- Walkthrough of the report and roadmap with stakeholders
- Presentation to Executive team or other stakeholder groups
- Focused brainstorming and planning of next steps with a Long View Architect and Account Manager