Maturity

A Cyber Maturity Baseline assesses the current ICT environment, identifying risks to achieving or maintaining organisational objectives, tabling areas of improvement and creating a security baseline. This allows the organisation to make better use of its existing ICT investment, by reducing risk, improving security and allowing for future growth and new functionality.

Recommendations, including governance, technical or procedural controls, shall be provided to reduce any residual risk to acceptable levels. Along with risk mitigation recommendations, an information security roadmap shall be formulated, to support current and future business objectives.

Information security is influenced by many organisational processes and by the technological footprint, each of which needs to be considered both in isolation and holistically. A generic representation is shown below.

[Figure: maturity infographic]

Organisational Outcomes

The cyber assessment provides a view of the current security posture, identifying possible areas of risk or weakness, which may affect the confidentiality or availability of data and systems.

Some examples of the types of security issues that may be uncovered include:

  • Using publicly accessible infrastructure to gain unauthorised access to systems and data.
  • Poor processes by authorised users.
  • Unauthenticated access to data, such as a database or via an application.
  • Inadequate privilege and access enforcement, allowing a legitimate user with access to a portion of data to gain access to other users’ data.
  • Inadequate lifecycle management of the technology stack, leading to compromise and control of assets. This could be used to gain unauthorised access to data or internal systems, or to use ICT assets for unauthorised activities (e.g. storing illegal data).
  • Susceptibility of staff and systems to common compromise techniques, such as targeted phishing emails containing malware.
  • Unnecessary services and lack of server hardening, increasing the likelihood and breadth of unauthorised data access.

Process

The Cyber Security Posture Assessment is to be performed across the ICT environment to identify and evaluate any risks to the organisation. The assessment provides an independent, objective, qualified evaluation of the security risks inherent within the ICT environment.

To accomplish this, an assessment of the current environment is proposed, encompassing a number of technical and non-technical areas. Risks and areas of concern regarding people, process and technology are highlighted. Once the current environment is understood and documented, decisions can be made regarding risk appetite and supporting business functions. Any significant risks are identified, and recommendations provided.

[Figure: maturity process]

Information security analysis and framework tasks will be completed by senior security consultants with experience in the Privacy Act, ISO 27001, NIST CSF, ISM and security best practices. For example, these consultants have been engaged by the Office of the Australian Information Commissioner, responsible for privacy functions as conferred by the Privacy Act, to assess its own protection of personal and sensitive information.

Book a Free Consultation

Get in touch with us today for a free consultation to discuss your cyber security maturity posture.