Prism Infosec, an independent cybersecurity consultancy, has launched a Cyber Maturity Assessment service. The initiative is designed to aid companies in identifying the strengths and weaknesses of their cybersecurity defence and pinpointing potential areas of improvement. The assessment will provide a standardised initial benchmark allowing corporations to measure their cybersecurity maturity and organisational performance.
The Cyber Maturity Assessment will utilise the National Institute of Standards and Technology (NIST) Cybersecurity Framework, covering all five core facets (identify, protect, detect, respond, and recover). Maturity will be graded using five rankings: initial, developing, defined, managed, and optimised. A specialised team is set to carry out interviews, document reviews, and observe current practices to thoroughly evaluate the risks.
The final report will provide insights into a range of areas, including asset management, supply chain risks, identity management and access control, staff security awareness, information protection processes and procedures, security monitoring and detection, and response and recovery planning effectiveness.
It comes after industry body ISACA found that one in five organisations do not assess their cyber maturity, with the figure for those that do remaining stagnant at 65% for the last two years. David Adams, GRC Security Consultant at Prism Infosec, said, "We need to move the needle for businesses to become more risk aware. Organisations need to capture, quantify cyber risk and manage it, but many have no idea what their level of maturity is."
The ISACA report found that the top three reasons for not conducting regular risk assessments were the time commitment involved (41%), insufficient personnel to perform the assessment (38%), and lack of internal expertise (22%), all indicating a need for external assistance. According to Adams, the Cyber Maturity Assessment service helps mitigate these problems by providing experienced practitioners who possess sector-specific expertise and a thorough understanding of the nuances of varying businesses, enabling accurate risk appraisal.
The Cyber Maturity Assessment, the latest addition to Prism Infosec's Compliance Framework Assessments, is suitable for organisations of all sizes, from SMEs to large enterprises. The service provides a comprehensive overview of the business risks, presents a roadmap of recommendations, and provides estimated timescales for achieving cyber maturity goals. Adams adds, "To accurately appraise risk requires perspective and an understanding of the nuances of the business which a third party can bring to the process."
Prism Infosec provides assessment services over cloud and traditional on-prem architectures and enterprise applications to the public and private sector. The organisation's team of dedicated consultants combine business and management skills with technical acumen. Prism Infosec is Cyber Essentials Plus, ISO27001:2013 ISMS and ISO9001:2015 QMS accredited.