Alignment to Frameworks
We engage the CISO Office, Compliance and Risk Management to understand the organization’s risk appetite and assess the cybersecurity program against established and emerging frameworks including NIST Cybersecurity Framework, ISO27k, HIPAA, PCI-DSS, GDPR and our own H24.
We issue a request list to be completed by the CISO's Office which includes an inventory of controls and their status, responsible staff, and sample deliverables for key security processes including incident response, anomaly detection, privilege management, education and awareness, and core protection technologies. We conduct interviews and discuss the cybersecurity program's deliverables to assess maturity, scope of coverage, specificity of controls to meet IT and business needs, and the quality and consistency of outputs.
Measure Your Cybersecurity Maturity with H24
Security Risk Advisors maintains a capabilities maturity framework that helps organizations visualize, evaluate, and prioritize cybersecurity investments. Unlike most frameworks, H24 is updated annually to focus on currency of good practices and emerging controls.
We review the CISO Office’s reports, metrics and deliverables for Senior Management and the Board. We discuss effective practices to create improved transparency and draw attention to areas of need.
We summarize our recommendations for improvement, including suggestions for prioritization based on expected benefits, risk reduction and emerging good practices. We evaluate the risk and reward of large-spend initiatives and recommend appropriate changes to staffing, controls automation and management processes.