A Cyber Maturity Baseline assesses the current ICT environment, identifying risks to achieving or maintaining organisational objectives, tabling areas of improvement and creating a security baseline. This allows the organisation to make better use of its existing ICT investment, by reducing risk, improving security and allowing for future growth and new functionality.
Recommendations, including governance, technical or procedural controls, shall be provided to reduce any residual risk to acceptable levels. Along with risk mitigation recommendations, an information security roadmap shall be formulated, to support current and future business objectives.
Information security is influenced by many organisational processes and by the technological footprint, which need to be considered both in isolation and holistically. A generic representation is shown below.
The cyber assessment provides a view of the current security posture, identifying possible areas of risk or weakness, which may affect the confidentiality or availability of data and systems.
Some examples of the types of security issues that may be uncovered include:
The Cyber Security Posture Assessment is to be performed across the ICT environment to identify and evaluate any risks to the organisation. The assessment provides an independent, objective, qualified evaluation of the security risks inherent within the ICT environment.
To accomplish this, an assessment of the current environment is proposed, encompassing a number of technical and non-technical areas. Risks and areas of concern regarding people, process and technology are highlighted. Once the current environment is understood and documented, decisions can be made regarding risk appetite and supporting business functions. Any significant risks are identified, and recommendations provided.
Information security analysis and framework tasks will be completed by senior security consultants with experience in the Privacy Act, ISO 27001, NIST CSF, ISM and security best practices. For example, these consultants have been engaged by the Office of the Australian Information Commissioner, responsible for privacy functions as conferred by the Privacy Act, to assess its own protection of personal and sensitive information.
Get in touch with us today for a free consultation to discuss your cyber security maturity posture.