The Information Security Assessment will help the Client understand the current state of risk to the confidentiality, integrity and availability of sensitive data, provide guidance and best-practice recommendations to reduce risk in the most cost-effective manner, and lay the foundation for a cybersecurity framework and risk management program. The Information Security Assessment will incorporate the recommendations of the CIS (Center for Internet Security) Top 20 Security Controls and the key objectives of information security as defined therein:
- Policy and procedures
- Asset Management
- Data identification
- System Backups
- Patch Management
- Incident Response
- Access Controls
- Awareness Training
- Log Analysis
The CIS Top 20 Security Controls is a prioritized set of best practices created to give organizations, regardless of size, the ability to implement and refine their cybersecurity program. Following this set of recommended controls can help organizations build out a comprehensive program to identify, protect, detect, respond to and recover from cybersecurity threats.
Understanding where the organization’s cybersecurity posture stands against the CIS Top 20 Security Controls is an important first step when building a cybersecurity program.
- In-depth, priority-based cybersecurity controls assessment and gap analysis.
- Provides an assessment and review of existing controls compared against a prioritized set of practices every organization should implement.
- Designed to provide organizations guidance and recommendations to enhance their cybersecurity posture based on the CIS Top 20 Security Controls.