Conducting a Program Maturity Assessment

TrustedSec focuses on five (5) main categories during an assessment:

1. Identify - One of the first steps in understanding an environment is to learn about the business context, the resources that support the critical functions, and the related cybersecurity risks to the organization. Then you can prioritize efforts and resources consistent with the risk management strategy and business needs.
2. Protect - With the known critical assets and influences, you can then start to develop the controls that limit or contain cybersecurity events. This ranges from endpoint controls to minimum security baselines, physical controls, and good security awareness.
3. Detect - While prevention is the ultimate goal for cybersecurity, the current environment's ever-evolving threats makes it not feasible. To combat this, we need to ensure that timely detection mechanisms alert on potential issues before they turn into major incidents.
4. Respond - Once potential issues are detected, a swift, efficient response is necessary to stop the threat in its tracks and minimize its reach.
5. Recover - Finally, we look at the organization’s ability to develop, implement, and maintain plans for resilience and to restore any capabilities or services that were impaired. This includes plans for DDoS, ransomware, and potential compromises of systems, and should often be included within the company’s core business continuity plan.

Whichever framework your organization aligns to, TrustedSec will provide applicable and achievable recommendations tailored specifically to your organization's capabilities.