What is a Cybersecurity Evaluation?
CDS’s Cybersecurity Evaluation is based on the CERT Resilience Management Model and follows the recently established NIST Cybersecurity Framework. It is a voluntary, non-technical (to an extent) assessment to evaluate the operational resilience and Cybersecurity capabilities of an organization. We do this by examining an organization’s Cybersecurity resilience practices across ten domains:
- Asset Management
- Controls Management
- Configuration and Change Management
- Vulnerability Management
- Incident Management
- Service Continuity Management
- Risk Management
- External Dependency Management
- Training and Awareness
- Situational Awareness
Why do a Cybersecurity Evaluation?
Cybersecurity is more than just technology. Servers, workstations, routers, wireless, etc. are just the tip of the iceberg. Cybersecurity is a serious business issue that can, within seconds, ruin a company’s reputation, worth and competitive position if not taken seriously.
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure. This framework is known as the NIST Cybersecurity Framework.
Using this framework in our evaluation methodology allows CDS to assess currently deployed security strategies and provides a repeatable approach for performing evaluations against a set of industry best practices and government standards, to increase the consistency of your organization’s Cybersecurity posture no matter what sector your business operates in.
At the end of the Cybersecurity Evaluation, you will know:
- How your organization rates on compliance across 22 categories and 98 sub-categories
- How your particular infrastructure, policies and practices contribute to or detract from compliance
- Base level issues and recommendations for your particular technology infrastructure, management practices and policies/procedures
- How to define a roadmap to address the most critical Cybersecurity issues faced by your organization
What are the benefits of performing a Cybersecurity Evaluation?
With Cybersecurity breaches becoming mainstream news daily, Cybersecurity awareness and preparedness are no longer luxuries; they are increasingly becoming mandated by law and demanded by customers. By performing a voluntary Cybersecurity Evaluation, your organization can expect:
- A better understanding of your organization’s Cybersecurity posture;
- An improved organization-wide awareness of the need for effective Cybersecurity management;
- A review of capabilities most important to ensuring the continuity of critical services during times of operational stress and crisis;
- A verifiable (and marketable) measure of management success;
- An identification of Cybersecurity improvement areas;
- A catalyst for dialog between participants from different functional areas within an organization.
What the Cybersecurity Evaluation is not:
The Cybersecurity Evaluation is not a Penetration Test or a technical Vulnerability and Threat Assessment. While these are needed and part of a well-rounded Cybersecurity plan, the Cybersecurity Evaluation is a higher-level, systematic, repeatable and comparable method for assessing your organization’s Cybersecurity posture, resilience and infrastructure.
Interested? Please contact us to determine if your company is eligible for an evaluation. Not all organizations are eligible for evaluation based on CDS’s internal quality management and customer success criteria.