CYBER SECURITY PROGRAM ASSESSMENT
Cybersecurity Risk Assessment Overview
The Cybersecurity Risk Assessment involves working collaboratively with DC Consulting Service to design, assess, identify gaps in, and report on the strengths and weaknesses of a client's cybersecurity program. These results help DC Consulting clients develop, implement and maintain a comprehensive cybersecurity program to protect their critical IT resources and information assets.

Key deliverables from the cybersecurity assessment
The assessment results enable the organization to document key business applications, IT resources, and information assets; understand and communicate the current state of cybersecurity; and improve the cybersecurity risk profile over time.
System Security Plan (SSP)
Current Risk Profile (RP)
Plan of Action and Milestones (POA&M)
Executive Report
Cybersecurity Risk Assessment Approach
1. Collect Information
Conduct a kickoff meeting to collect pertinent information from the operations team (network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.). The client will assign resources to work with DC Consulting LLC to complete the assessment and associated documentation.
2. Draft Plans
Based on the information gathered in Step 1, complete the draft System Security Plan (SSP) and the draft Cybersecurity Risk Assessment (CRA).
3. Validate Assumptions
Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to validate any assumptions regarding the network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.
4. Document Maturity
Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to understand and document the relative maturity of the security controls based on the CIS Critical Security Controls.
5. Client Review
Once all questions have been answered and unclear areas clarified, the draft reports will be shared with the client management team for review and comment.
6. Delivery
After final feedback is received from the client, and all critical assumptions, business and technical solutions, controls, control gaps, etc., are documented and approved, the final documents (System Security Plan, Current Risk Profile, Plan of Action and Milestones, Executive Report) will be delivered to the client program lead.