ARM yourself... Assess Remediate Manage

Assess

  • Identify Vulnerabilities

  • Review Policies and Technologies

  • Determine Security Maturity Level (SML)

Remediate

  • Cybersecurity Roadmap and Budget

  • Remediation Project Planning

  • Defined Security Strategy

  • Identify and Assign Security Team Roles

Manage

  • Regular Team Meetings

  • Review Security Reports

  • Review Key Security Metrics

  • Review Current Threats

  • Respond to Attacks

Know yourself

An IT Security Assessment, when based on the NIST Cybersecurity Framework, gives companies valuable insight into their current risk exposure. This exposure is quantified as your current SML (security maturity level) score.

Initial 1.0

People

Activities unstaffed or uncoordinated

Process

No formal Security Program in place

Technology

Despite security issues, no controls exist

Developing 2.0

People

Infosec leadership established, informal communication

Process

Basic governance and risk management process, policies

Technology

Some controls in development with limited documentation

Defined 3.0

People

Some roles and responsibilities established

Process

Organization-wide processes and policies in place but minimal verification

Technology

More controls documented and developed, but over-reliant on individual efforts

Managed 4.0

People

Increased resources and awareness, clearly defined roles and responsibilities

Process

Formal infosec committees, verification and measurement processes

Technology

Controls monitored, measured for compliance, but uneven levels of automation

Optimized 5.0

People

Culture supports continuous improvement to security skills, process, technology

Process

Process more comprehensively implemented, risk-based and quantitatively understood

Technology

Controls more comprehensively implemented, automated and subject to continuous improvement

NIST Cybersecurity Framework

The higher your SML score, the more proactive your organization. A higher organizational SML directly correlates to a net reduction in risk exposure and the costs associated with data breaches.

Proactive

Identify

  • Asset Management

  • Business Environment

  • Governance

  • Risk Assessment

  • Risk Management Strategy

Protect

  • Access Control

  • Awareness and Training

  • Data Security

  • Info Protection Processes and Procedures

  • Maintenance

  • Protective Technology

Detect

  • Anomalies and Events

  • Security Continuous Monitoring

  • Detection Processes

Reactive

Respond

  • Response Planning

  • Communications

  • Analysis

  • Mitigation

  • Improvements

Recover

  • Recovery Planning

  • Improvements

  • Communications
