3. Cybersecurity Assessment Overview
What is a cybersecurity assessment?
• It is an in-depth review of your organization’s ability to protect its information assets against relevant threats. It includes:
  • Assessing the entire organizational environment against rigorous security controls
  • Examining the effectiveness of an organization’s operating environment: people, processes and technology
  • Identifying areas of improvement that need to be strengthened
  • Compiling a list of solutions and improvements to address risks and weaknesses
4. Cybersecurity Assessment Overview, cont.
Who needs an assessment?
• All organizations can benefit from a security assessment as it:
  • Provides valuable insights that allow you to see your security posture from an objective and independent perspective
  • Provides evidence of abiding by security best practices
  • Supports after-the-fact investigation when necessary
  • Can provide demonstrable evidence of security vulnerabilities to support budget requests
  • Recommends how to mitigate areas that need improvement
5. Benefits of Cybersecurity Assessment
• Enables organizations to:
  • Address gaps
  • Manage risks
  • Allocate resources to better protect their organization
• The assessment can strengthen an organization’s security posture as well as reduce costs.
• Repeatable processes
• Automated processes
7. Assessment Strategy
Initial Scoping and Planning:
• Varying Documentation Requests (snapshot of the environment):
  • System Security Plan
  • Contingency Plan
  • System Design Document
  • Configuration Management Plan, etc.
• Formal Cybersecurity Assessment:
  • Interview Questions
  • Review of existing documentation
  • Gap Analysis
8. Assessment Strategy, cont.
• Interview Sessions
  • Based on job role
• Technical Testing
  • Vulnerability scanning, or analysis of existing scan results
9. Outcome
• Final Deliverables
• Final Meetings
  • Out-brief of the Security Assessment
  • Security Assessment Report
    • Review and summarize the security vulnerabilities found during the assessment
    • Review how to close the identified gaps