Prism Infosec, the independent cybersecurity consultancy, announced the launch of its Cyber Maturity Assessment service to help organisations identify where their cyber security defences are strong and where improvements can be made to strengthen their security posture.
The assessment provides the C-suite with a standardised initial benchmark against which to measure cybersecurity maturity and organisational performance.
NIST Cybersecurity Framework
The Cyber Maturity Assessment is mapped to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and covers all five core functions (identify, protect, detect, respond and recover), with maturity graded on a five-level scale (initial, developing, defined, managed or optimised).
A team of GRC specialist consultants carry out interviews, review documents, and observe current practices in order to thoroughly assess, capture and report on the risks. The end report delivers insights into a variety of areas including asset management, supply chain risks, identity management and access control, staff security awareness, information protection processes and procedures, security monitoring and detection, as well as the effectiveness of response and recovery planning.
State of Cybersecurity 2023 report
Cyber maturity is defined by industry body ISACA as an organisation's strategic readiness to mitigate threats and vulnerabilities, but the practice of assessing it is not as widespread as it should be. One in five organisations does not assess its cyber maturity, while the proportion that do (65%) has not changed over the past two years, according to ISACA's State of Cybersecurity 2023 report.
“We need to move the needle for businesses to become more risk-aware. Organisations need to capture, quantify cyber risk and manage it but many have no idea what their level of maturity is. Risk remains an unknown and it is not uncommon to find asset lists that don’t include tangibles such as financial data or intellectual property (IP),” states David Adams, GRC Security Consultant at Prism Infosec.
Cyber Maturity Assessment service
The top three reasons given for not conducting regular risk assessments, according to the ISACA report, were the time commitment involved (41%), not having enough personnel to perform the assessment (38%) and lack of internal expertise (22%) – all obstacles which indicate the need for external expertise.
The Cyber Maturity Assessment service is delivered by practitioners who individually hold more than 25 years of experience in security assurance testing, are ISO27001 Lead Auditors, CISSP certified and are sector specialists. They form part of the Governance Risk and Compliance (GRC) Consulting team with the Cyber Maturity Assessment the latest addition to Prism Infosec’s Compliance Framework Assessments.
Roadmap of recommendations
Suitable for organisations of all sizes from SMEs to large enterprises, the Cyber Maturity Assessment provides a comprehensive view of the risks facing the business together with a roadmap of recommendations and estimated timescales to enable the business to achieve its cyber maturity goals.
“Risk varies from business to business. Small organisations may have no data protection or risk management process in place and, while the large enterprises do have governance in place in the form of a CIO or an internal audit team, these are generally stretched for time and do not have the necessary skill sets to perform security audits. To accurately appraise risk requires perspective and an understanding of the nuances of the business which a third party can bring to the process,” says Adams.