The Chief Information Security Officer of a leading card payments company wanted to assess the current state of cyber resilience of the most critical business platforms, and to obtain recommendations for improving the company's existing cyber security profile. The focus was on evaluating controls, maturity, and business impact rather than restricting conclusions to technical impact.
We developed a measurable, repeatable model for the cyber review of 16 business platforms and the enterprise as a whole. It was built on our scoring methodology for security controls and maturity, which draws on industry standards from ISF (Information Security Forum) and NIST (National Institute of Standards and Technology). We obtained qualitative and quantitative inputs for the model through discussions with key stakeholders across the organization and provided a detailed analysis of each platform's control effectiveness, maturity level, and threat profile. Our output included industry benchmarking to show how the client compared with best-in-class industry peers, an evaluation of cyber security controls and their effectiveness at the platform and enterprise level, and an evaluation of cyber security maturity against the target maturity level. We used these analyses to make prioritized recommendations to the client for improving their cyber security profile.
We collated actionable recommendations for the enterprise and the platforms to help reduce risk and improve cyber resilience. The client obtained a clear understanding of the business processes and security controls they would need to enhance in order to achieve their security maturity goals and elevate their cyber resilience. We provided the client with a well-defined, repeatable methodology for conducting platform cyber reviews, enabling them to continuously track and improve cyber security controls and maturity each year.