
Case Study

Assessing Cybersecurity Risks to Increase Effectiveness of Cybersecurity Program

Situation

A leading research provider wanted to understand the cybersecurity risk associated with the services they provided, especially given that they collected a large volume of sensitive, personally identifiable information. The client's security practices had come under significant scrutiny during due diligence, and the client needed a clear response regarding their risk and mitigation measures.

Satori Solution

The cybersecurity assessment consisted of a full review of security controls using the ISO 27002 framework as a reference point. The maturity level of these controls was assessed using Satori’s Cybersecurity Maturity framework [a combination of the National Institute of Standards and Technology (NIST) cybersecurity framework and Capability Maturity Model Integration (CMMI)]. Additionally, we leveraged results from the client’s most recent penetration test to better understand their technical vulnerabilities. We also conducted a compliance assessment to understand the client’s level of compliance with existing regulation.

The cybersecurity program definition focused on a detailed definition of the controls needed to close gaps. It included a detailed review of the SaaS platform [application, integration, data, infrastructure (AWS)] and software development practices. We provided recommendations for leading cybersecurity practices such as secure development, two-factor authentication, container security, and vulnerability management.

Results

Our Cybersecurity Assessment provided a clear understanding of cybersecurity risk, established a benchmark and methodology to measure cybersecurity effectiveness, and defined an actionable plan to reduce risk to an acceptable level.

Our Cybersecurity Program Definition enabled the client to implement leading cybersecurity practices while significantly reducing business risks. It also established a culture to effectively manage risks by applying the right security controls, and enabled the client to more effectively communicate their approach to cybersecurity to internal and external stakeholders.
