A forward-looking and risk-based cybersecurity strategy.
Do you know what to protect, which of your assets are critical, and what you are up against in facing today’s cyber threats? Is your organization security-aware, and how is security governed? Are security controls sufficient to mitigate risks? How do you measure security or the lack thereof? Is your security message clear and effectively communicated to all relevant stakeholders?
UL helps to answer these questions, to make sure you are in control of your security and prepared for cyber-attacks. We review how security governance is managed in your organization, check the critical assets to protect, and determine whether cybersecurity capabilities in place are sufficient or need improvement. As a result, you are empowered with the right security insight to take necessary action.
Step 1: Information Gathering
In order to review or help develop your Cybersecurity Strategy, UL gathers information to establish an initial understanding of your cybersecurity needs and how cybersecurity is governed today. UL develops a set of key questions and hypotheses that will drive the security examination and maturity assessment.
Step 2: Security Examination
In the second step, UL will use the outcome of the Information Gathering step to conduct more targeted management interviews and documentation review. We help you determine your critical security assets, establish an understanding of high-level risks, and identify how these risks are currently mitigated.
Step 3: Maturity Assessment
In the maturity assessment, UL will list out the cybersecurity capabilities linked to previously identified assets and risks. For each cybersecurity capability, we will evaluate and score how well the capability addresses the organization’s needs in mitigating risks.
We take into account existing models for cybersecurity maturity assessments, such as the NIST Cyber Resilience Review (CRR), Carnegie Mellon’s C2M2, CMI/CMMI methodologies, etc.
In short, the maturity assessment performs the following:
- Summarizes the assets and high-level risks
- Articulates the cybersecurity capabilities
- Scores how well the capabilities address the risks (how well are risks mitigated?)
Step 4: Security Roadmap
Based on the organization’s identified assets and high-level risks, cybersecurity capabilities and the maturity levels, we arrive at a security roadmap. The security roadmap identifies gaps in capabilities and suggests ways to implement enhanced cybersecurity capabilities. We present our maturity assessment and security roadmap recommendations in a final management report.