The need for effective cyber security is felt, at board level and more widely, by organisations of all types and sizes. Despite the critical nature of the challenge, however, diverse failings are commonplace.
Many organisations lack a comprehensive and coherent cyber security strategy. Governance, monitoring and user understanding are often weak, while an overly strong focus on technology leads to the deployment of multiple, poorly integrated point solutions.
Patching and vulnerability management are often undertaken in an ad-hoc manner. Privileged accounts go unprotected, weak user passwords are the norm and, even given the recent intense focus on GDPR, data protection is limited at best.
Many of these issues are a result of the all-pervading, complex, multi-faceted nature of the cyber security challenge. Identifying where to start and what to prioritise can be difficult indeed.
An Objective Benchmark
MTI’s Cyber Security Maturity Assessment (CSMA) is designed to answer that question. It presents an objective, independent benchmark of the organisation’s cyber security stance and its effectiveness, along with prioritised remediation guidance.
The CSMA report’s Maturity Dashboard provides colour coded scoring for key security factors, using an objective, one-to-five scale, based on industry best practice and aligned with the UK National Cyber Security Centre’s Ten Steps to Cyber Security. This provides an at-a-glance reference for executives.
Executive and Technical Summaries
The CSMA report also includes an Executive Summary, giving executives a clear, prioritised view of recommended actions. Meanwhile, the Technical Summary identifies actions that technical staff can take to swiftly improve security. Often these entail enabling or reconfiguring capabilities of existing hardware and software resources, delivering immediate benefits for minimal expenditure and effort.
As well as providing a quick, clear, objective view of the organisation’s current cyber security stance, the dashboard also facilitates benchmarking against other organisations, across the market or by sector, by individual cyber security factor or across all factors.
Having produced the CSMA report, MTI can then review the organisation again at various points in the future, to help the board assess and maintain progress.
Basis and Scope
The CSMA combines core components from key industry frameworks, including ISO 27001, NIST Cybersecurity Framework, CIS Critical Security Controls Top 20, CREST, the STAR Testing Framework and the Cyber Essentials Framework, with MTI’s 28+ years of experience in IT modernisation and security. It has been designed to be easily executed and understood, with practical usability at its heart.
Key areas covered include:
- Privileged access and its management – Read our Latest Guide on Privileged Access Management
- Managed SIEM
- Remote access control
- Perimeter security
- Policy, governance and user education
- Remediation activity
- Ransomware and other malware protection – Read our Latest Blog on Ransomware
- Media controls
- Technology management and configuration
How it Works
Using questionnaires, workshops and interviews, MTI’s security specialists work with key technical, commercial and executive stakeholders in the organisation. Looking at current activities, future plans, the organisation’s technological and strategic direction, and its approach to risk, we build a clear picture of its security posture, identifying key strengths and weaknesses in its security strategy.
The CSMA’s findings are then presented via the Maturity Dashboard, and Technical and Executive Summaries. Working from this objective baseline, the organisation can plan effectively to improve its cyber security, taking advantage of MTI’s comprehensive security portfolio and extensive experience.
Learn more about the CSMA here