Cyber Security Maturity Assessment

Measure your cyber resilience and maturity.

Improsec performs a Cyber Security Maturity Assessment based on the CIS Critical Security Controls (CSC 20) framework to provide an independent security analysis and assessment of selected networks, systems and data that influence the business infrastructure. Your cyber security maturity is assessed in relation to the implemented technical security controls and measures, as well as the organization’s management involvement, policies and procedures. The analysis provides a strategic overview of the identified vulnerabilities and the required mitigating actions.

Value

  • Measure your cyber security maturity against the Critical Security Controls framework (e.g., CIS, ISO27x, NIST)

  • Evaluate your cyber resilience against a simulated cyber security attack

  • Identify areas of improvement that can be prioritized and added as actions to a cyber security roadmap

Product

The deliverable of the assessment is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • An analysis outlining the current state of IT security within the organization, assessed through selected hands-on technical tests

  • Recommendations on enhancing the level of security for the findings identified during the technical tests

  • A compliance analysis based on the Critical Security Controls framework

  • Bullet-based, focused and prioritized actions that will effectively mitigate or reduce the impact of a cyber attack

Method

Our analysis is based on guidelines from the Center for Internet Security (CIS), SANS, Microsoft, “Center for Cybersikkerhed” and other recognized sources, and is built around the Critical Security Controls (CSC 20) framework. The concluding maturity level is assessed based on a combination of meetings, workshops and interviews involving representatives of IT management and the technical staff. In addition, relevant technical tests are conducted on selected networks, systems and data.

Involvement

The delivery requires involvement of your IT management and technical staff for approximately 1-2 days.