Prism Infosec, the independent cybersecurity consultancy, today announced the launch of its Cyber Maturity Assessment service to help organisations identify where their cyber security defences are strong and where improvements can be made to strengthen their security posture. The assessment provides the C-suite with a standardised initial benchmark against which to measure cybersecurity maturity and organisational performance.
The Cyber Maturity Assessment is mapped to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and covers all five core areas (identify, protect, detect, respond and recover) with maturity graded using five maturity rankings (initial, developing, defined, managed or optimised).
A team of GRC specialist consultants carry out interviews, review documents, and observe current practices in order to thoroughly assess, capture and report on the risks. The end report delivers insights into a variety of areas including asset management, supply chain risks, identity management and access control, staff security awareness, information protection processes and procedures, security monitoring and detection, as well as the effectiveness of response and recovery planning.
Cyber maturity is defined as being an organisation’s strategic readiness to mitigate threats and vulnerabilities, according to industry body ISACA, but assessing it is not as widespread a practice as it should be. One in five organisations do not assess their cyber maturity, while the figure for those that do (65%) has not changed over the past two years, according to ISACA’s The State of Cybersecurity 2023 report.
“We need to move the needle for businesses to become more risk aware. Organisations need to capture, quantify cyber risk and manage it but many have no idea what their level of maturity is. Risk remains an unknown and it is not uncommon to find asset lists that don’t include tangibles such as financial data or intellectual property (IP),” states David Adams, GRC Security Consultant at Prism Infosec.
The top three reasons given for not conducting regular risk assessments, according to the ISACA report, were the time commitment involved (41%), not having enough personnel to perform the assessment (38%) and lack of internal expertise (22%) – all obstacles which indicate the need for external expertise.
The Cyber Maturity Assessment service is delivered by practitioners who individually hold more than 25 years’ experience in security assurance testing, are ISO27001 Lead Auditors, CISSP certified and are sector specialists. They form part of the Governance, Risk and Compliance (GRC) Consulting team, with the Cyber Maturity Assessment being the latest addition to Prism Infosec’s Compliance Framework Assessments.
Suitable for organisations of all sizes from SMEs through to large enterprises, the Cyber Maturity Assessment provides a comprehensive view on the risks facing the business together with a roadmap of recommendations and estimated timescales to enable the business to achieve its cyber maturity goals.
“Risk varies from business to business. Small organisations may have no data protection or risk management process in place and, while the large enterprises do have governance in place in the form of a CIO or an internal audit team, these are generally stretched for time and do not have the necessary skill sets to perform security audits. To accurately appraise risk requires perspective and an understanding of the nuances of the business which a third party can bring to the process,” says Adams.