The Situation
The Chief Information Security Officer of a leading cards payments company wanted to assess the current state of cyber resilience of the most critical business platforms, and offer recommendations to improve the existing cyber security profile of the company. The focus was on evaluating controls, maturity and business impact rather than restricting conclusions to technical impact.
The Satori Solution
We developed a measurable, repeatable model for the cyber review of 16 business platforms and the enterprise as a whole. The model was built on our scoring methodology for security controls and maturity, which is based on industry standards from ISF (Information Security Forum) and NIST (National Institute of Standards and Technology). We obtained qualitative and quantitative inputs for the model through discussions with key stakeholders across the organisation and provided a detailed analysis of each platform’s control effectiveness, maturity level and threat profile. Our output included industry benchmarking to show how the client compared with best-in-class industry peers, an evaluation of cyber security controls and effectiveness at the platform and enterprise level, and an evaluation of cyber security maturity compared to target maturity level. We used our analyses to make prioritized recommendations to the client for improving their cyber security profile.
The Results
We collated actionable recommendations for the enterprise and the platforms to help reduce risk and improve cyber resilience. The client obtained a clear understanding of the business processes and security controls that they would need to enhance to achieve their security maturity goals and elevate their cyber resilience. The client was provided with a well-defined, repeatable methodology for conducting platform cyber reviews, enabling them to continuously track and improve cyber security controls and maturity each year.