Does your cyber strategy inform your team's daily operations?
Develop a security strategy that keeps your team accountable and focused
Does your strategy include all of these elements?
- Clearly stated and defined mission and purpose to keep your team focused on business objectives
- Assessments and metrics that identify relevant gaps, measure your progress toward closing them and surface new gaps
- Complete picture of the security functions and tools your team needs in order to achieve your mission and purpose:
  - Threat prevention
  - Threat detection
  - Cloud and application security
  - Cyber threat intelligence
- Documented compliance program that accounts for international, federal, state and industry regulations your organization must comply with
- Process development that enables automation
- Communications plan that includes stakeholders outside of the security team
- Response plan for handling incidents and breaches that require outside assistance
Case Study: Developing an Assessment Strategy
Most organizations conduct annual penetration tests and periodic framework assessments (against NIST, ISO, etc.). In this case, we helped the organization define an assessment strategy that would encompass the scope of each assessment type and its timing and frequency, and helped them align that strategy with their overall roadmap and business objectives.
We started by building an assessment program that consisted of the following steps:
- Conducting threat modeling exercises
- Identifying attack scenarios that match the outcomes of the threat modeling exercise
- Identifying gaps in prevention, detection and response capabilities for each identified scenario through targeted assessments or simulations
- Developing a roadmap strategy and metrics for remediation based on identified scenarios and gaps
- Developing associated reports for internal and stakeholder consumption
- Integrating security data points in the overall business strategy
This assessment strategy encompassed all of their testing techniques, including:
- Penetration testing
- Red teaming
- Program assessments
- Annual scenario tests such as tabletop exercises