Suffering an attack can inflict brand damage, financial loss and/or regulatory fines. It is not effective enough to invest in hardware and software solutions alone.
Lessening the likelihood of a successful attack on your organisation, or the chance of an accidental breach, requires a comprehensive security maturity assessment to focus on all three components, People, Process & Technology. Due to the increase in targeted attacks and regulatory requirements to protect sensitive data, a security maturity assessment is suitable of all organisations, regardless of size and industry.
BH Consulting have a well worked formula for conducting Security Maturity Assessments which is suitable for SME’s right through to large and multi-national organisations.
The purpose of the assessment is to review the current management of information security from a Governance, Risk and Compliance standpoint. While BH Consulting can perform in-depth technical testing, that is not a function of this exercise, it is instead a company-wide review of all facets of information security involving people, process and technology.
A security maturity assessment requires a good understanding of your business and the important drivers for you and your organisation. Our process benchmarks the status of your information security against information security standards and best practices such as the ISO 27001:2013 standard, NIST Cybersecurity Framework (National Institute of Standards and Technology) and CIS Controls (Center for Internet Security).
Our specialist team will provide you with a report and will discuss each of the key areas to ensure the impact of our findings are fully understood. We will also prioritise risk mitigation measures and actions tailored to your organisation’s size, resources and risk appetite.
During this engagement we will have an in-depth workshop with you to better understand your organisation and assess the current status of your information security to identify the following:
- Your main information assets
- The threats to those assets
- The effectiveness of your current security strategy and employed controls
- Any gaps that may exist exposing you to potential threats
Our security maturity assessment will help you make more informed choices about choosing the right security controls by determining the following:
- What is your critical information and where is it held?
- What controls are currently in place to protect this information?
- Visibility of the risks specific to your organisation
- Practical and prioritised recommendations to mitigate risks
- A clear road map to drive information security strategy, policies, and project plan
This service can be carried out remotely.