A leading research provider wanted to understand the cybersecurity risk associated with the services they provided, especially given that they collected a large volume of sensitive, personally identifiable information. The client received significant scrutiny of their security practices during due diligence, and needed to have a clear response regarding their risk and mitigation measures.
The Satori Solution
The cybersecurity assessment consisted of conducting a full review of security controls using the ISO 27002 framework as a point of reference. The maturity of these controls were assessed using Satori’s cybersecurity maturity framework [combination of National Institute of Standards and Technology (NIST) cybersecurity framework and Capability Maturity Model Integration (CMMI)]. Additionally, Satori leveraged results from the client’s most recent penetration test to better understand their technical vulnerabilities, and conducted a compliance assessment to understand the client’s level of compliance with existing regulation.
The cybersecurity program definition focused on detailed definition of the controls needed to close gaps. This included a detailed review of the SaaS platform [application, integration, data, infrastructure (AWS)] and software development practices. We provided recommendations for leading cybersecurity practices such as secure development, two-factor authentication, container security, and vulnerability management.
Our Cybersecurity Assessment provided a clear understanding of cybersecurity risk, established a benchmark and methodology to measure cybersecurity effectiveness, and defined an actionable plan to reduce risk to an acceptable level.
Our Cybersecurity Program Definition enabled the client to implement leading cybersecurity practices while significantly reducing business risk. It also established a culture to effectively manage risk by applying the right security controls, and enabled the client to more effectively communicate their approach to cybersecurity to internal and external stakeholders.