Instituting a Cybersecurity Program

Challenge

• Multiple customer audits overwhelming management staff
  
• A need to greatly improve response time to satisfy their customer’s demand
  
• A desire for operational excellence and the latest technology
  
• Improve incident response, security awareness, and end-point protection

‍

Opportunity

• Determine the best foundational security framework that would satisfy all their requirements
  
• Leverage a cloud based GRC application to easily respond and manage assessments/compliance.
  
• Become a champion to customers because they make security a priority.
  
• Utilize domain expertise when prioritizing investments to drive continuous improvement around their security posture

‍

Approach

• Implement Framework’s first of three phrased solution
  
• The “Investigate” phase was comprehensive but required only a small amount of time from our client’s resources.
  
• A quick questionnaire, a few interview style discussions to dig in to the details with an overview description of their existing boundary defense and vulnerability management toolset.
  
• The customer delivered all their existing policies and procedures and prior audit reports.
  
• Evidence was imported into the CyberStrong platform for analysis and controls were rated.
  
• Using CIS 20 allowed them to get a base foundation that can be leveraged for PCI/ISO/HIPPA in the future as needed by mapping the controls and minor changes.

‍

Results

• Management was able to focus on the business/service delivery, instead of dealing with requests from auditors.
  
• Framework was able to find several quick wins that fit client’s budget to accelerate their security program.
  
• Framework provided a new flexible and modern cybersecurity program including an InfoSec Policy and Procedure package.