CYBER SECURITY PROGRAM ASSESSMENT
Cybersecurity Risk Assessment
Overview
The Cybersecurity Risk Assessment is a collaborative engagement with DC Consulting Service to design the assessment, evaluate the client's cybersecurity program, identify control gaps, and report on the program's strengths and weaknesses. The results help DC Consulting clients develop, implement and maintain a comprehensive cybersecurity program that protects their critical IT resources and information assets.
Key deliverables from the cybersecurity assessment
The assessment results enable the organization to document its key business applications, IT resources and information assets, to understand and communicate the current state of its cybersecurity, and to improve its cybersecurity risk profile over time. The deliverables are:
System Security Plan (SSP)
Current Risk Profile (RP)
Plan of Action and Milestones (POA&M)
Executive Report
Cybersecurity Risk Assessment Frameworks and Controls
The Cybersecurity Risk Assessment is based on industry best practices, specifically the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework (CSF). The security controls assessed are drawn from the Center for Internet Security (CIS) Critical Security Controls. The RMF/CSF process and the CIS Controls are applied to, and maintained for, the client's critical IT systems and business applications; the resulting documents record which controls are in place and which gaps remain.
Cybersecurity Risk Assessment Approach
1. Collect Information
Conduct a kickoff meeting to collect the pertinent information from the operations team: network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tool inventories, manager names and roles, etc. The client assigns resources to work with DC Consulting LLC to complete the assessment and the associated documentation.
2. Draft Plans
Based on the information gathered in Step 1, prepare the draft System Security Plan (SSP) and the draft Cybersecurity Risk Assessment (CRA).
3. Validate Assumptions
Review the draft SSP and draft CRA with the client to validate every assumption made about the network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tool inventories, manager names and roles, etc.
4. Document Maturity
Walk through the draft SSP and draft CRA with the client to understand and document the relative maturity of each security control, measured against the CIS Critical Security Controls.
5. Client Review
Once all open questions are answered and unclear areas are resolved, the draft reports are shared with the client management team for review and comment.
6. Delivery
After the client's final feedback is received, and all critical assumptions, business and technical solutions, controls and control gaps are documented and approved, the final documents (System Security Plan, Current Risk Profile, Plan of Action and Milestones, Executive Report) are delivered to the client program lead.