Cybersecurity Risk Assessment
The client needed a centralized view of their cybersecurity posture and risk to be able to demonstrate compliance with regulatory requirements. Additionally, the client needed a roadmap to demonstrate how they would address any unacceptable risks as part of compliance reporting.
Project Information
How this Project works
Hale Consulting Solutions LLC was engaged on this effort to assist the client with the following:
Assess Enterprise Risk
Using the CIS Risk Assessment Method (CIS RAM), we conducted interviews and evaluated the client's responses to assess the organization's inherent level of risk, its risk tolerance, and its specific level of maturity against the 17 Controls and 55 CIS Safeguards that comprise IG1.
Identify Mitigating Safeguards
For each safeguard determined to carry an "unacceptable" level of risk, we worked with the client, using the CIS-recommended safeguards as a guide, to identify the safeguards that could be implemented to bring the risk down to an "acceptable" level.
Additionally, for each recommended safeguard we worked with the client to estimate the approximate cost and timeframe required to implement it.
Develop a Remediation Roadmap
We used the recommended safeguards, their estimated costs and timeframes, and their relative priority (determined by level of maturity or risk) to develop a 3-year remediation roadmap that incorporated the organization's constraints (budget and resource availability).
Project Results & Benefits
- Increased awareness of cybersecurity risk and risk categories across the organization
- Identified and prioritized risks by relative risk level, cost and level of effort for remediation
- Developed a 3-year roadmap to address “unacceptable” risks based upon organizational priorities and constraints
“Trust in the digital business age is every bit as important as actual service delivery. Few things impact a company’s brand more than a badly handled data breach or prolonged service outage.” - Hugh Callaghan