Cybersecurity Framework Assessment

  • Home
  • Cybersecurity Framework Assessment
Cybersecurity Framework Assessment

Tabiri Analytics is conducting an assessment of existing cybersecurity programs at participating small- to medium-sized to large enterprises. The assessment is a standardized, open-source survey for evaluating the state of your organization’s cyber-readiness. The assessment is presented as an online questionnaire, and will assess the respondent’s existing investments and capabilities in the following cybersecurity areas:

  1. Security Governance — Evaluate the alignment of the organization’s current information security program with business objectives. Sections covered include:
    • Strategic planning
    • Security policy framework
    • Organizational structure
    • Performance metrics
    • Workforce management
  2. Security Risk Management — Evaluates the organization’s risk management framework and processes. Sections covered include:
    • Risk management framework
    • Threat management
    • Security awareness
  3. Data Protection — Evaluates the organizations data protection framework and underlying data protection capabilities. Sections covered include:
    • Data protection framework
    • Data classification
    • Data protection policies
    • Data retention
    • Data loss
    • Data recovery
  4. Access Management — Evaluates the organization’s access management policies and procedures to determine if they reduce the risk of inappropriate access to sensitive data. Sections covered include:
    • Identity management
    • Access controls
    • Separation of duties
    • Privileged access management
    • Remote access
    • Third-party access
  5. Security Architecture — Evaluates the organization’s use of various tools/technologies to determine their effectiveness in providing visibility into network, host and application-based activities. Sections covered include:
    • Network protection
    • Endpoint protection
    • Application protection
  6. Incident Response — Evaluates the organization’s existing processes and technologies that are deployed to detect, analyze and contain cyber attacks. Sections covered include:
    • Incident readiness
    • Incident detection
    • Incident remediation

The assessment areas are aligned with existing cybersecurity industry frameworks such as NIST 800-53 and ISO/IEC 27001. Each assessment area is scored on a linear scale based on the organization’s responses and the assessor’s industry experience in conducting similar objective reviews. We will also collect information regarding demographics (e.g., gender), both of enterprise employees at large, and of cybersecurity professionals.

image

Related Posts

Cybersecurity Threat Hunting

This task leverages network sensors, software agents and cloud-based computing to collect and analyze system

Read More

Cybersecurity Configuration Assessment

The Tabiri cyber security team leverages open-source software agents deployed on your Windows, Linux and

Read More

Real time Cybersecurity Continuous Monitoring

The Tabiri Analytics team will collect and analyze various network telemetry and system logs for

Read More