Cybersecurity Program Assessment Services
•Download as PPTX, PDF•
1 like•289 views
GVP Partners can help you assess your Cybersecurity Program and build a sustainable approach for everyday use and reporting. Our software can help the CIO and CISO report to the Board of Directors and other interested parties on program status in real time.
Recommended
More Related Content
What's hot
What's hot (16)
Similar to Cybersecurity Program Assessment Services
Similar to Cybersecurity Program Assessment Services (20)
Recently uploaded
Recently uploaded (20)
Cybersecurity Program Assessment Services
- 1. GVP Partners October 2017 Privileged & Confidential - GVP Partners
- 2. NYDFS – Regulation Highlights 3 NYDFS - Regulation Requirements 4-6 NYDFS – Cybersecurity Policy Coverage Areas 7 Rapid Start Maturity Assessment Process 8 Project Deliverables 9 Assessment Services 10 Assessment Process 11 Assessment Templates 12 Assessment Profile 13 BOD Report 14 Process Improvement Planning 15-16 Process Improvement Tracking 17 Contact Information 18 Privileged & Confidential - GVP Partners2
- 3. Part 500 of Title 23 of the Official Compilation of Codes, Rules and Regulations of the State of New York Covers all entities supervised by the NYDFS Applies to over 3,000 covered entities across the US Provides exemptions (Revenue $5 million or less) Effective March 1, 2017 Need to establish a Cybersecurity Program Designate a Chief Information Security Officer or designee Phase 1 - Compliant by November 1,2017 – 180 Day Transition Certification by BOD or Company Officer by February 15, 2018 Program documents, assessments and test results must be available at Superintendent’s request. Privileged & Confidential - GVP Partners3
- 4. Section 500.01 Definitions Section 500.02 Cybersecurity Program Section 500.03 Cybersecurity Policy Section 500.04 Chief Information Security Officer Section 500.05 Penetration Testing & Vulnerability Assessments Section 500.06 Audit Trail Section 500.07 Access Privileges Section 500.08 Application Security Section 500.09 Risk Assessment Section 500.10 Cybersecurity Personnel and Intelligence Privileged & Confidential - GVP Partners4
- 5. Section 500.11 Third Party Service Provider Security Policy Section 500.12 Multi-Factor Authentication Section 500.13 Limitations on Data Retention Section 500.14 Training and Monitoring Section 500.15 Encryption of Nonpublic Information Section 500.16 Incident Response Plan Section 500.17 Notices to Superintendent Section 500.18 Confidentiality Section 500.19 Exemptions Section 500.20 Enforcement Privileged & Confidential - GVP Partners5
- 6. Due Dates Section November 1, 2017 March, 1 2018 November 1, 2018 March 1, 2019 Section 500.01 Definitions Section 500.02 Cybersecurity Program Section 500.03 Cybersecurity Policy Section 500.04 ChiefInformation Security Officer Section 500.04 (d) ChiefInformation Security Officer Section 500.05 Penetration Testing & Vulnerability Assessments Section 500.06 Audit Trail Section 500.07 Access Privileges Section 500.08 Application Security Section 500.09 Risk Assessment Section 500.10 Cybersecurity Personnel and Intelligence Section 500.11 Third Party Service Provider Security Policy Section 500.12 Multi-Factor Authentication Section 500.13 Limitations on Data Retention Section 500.14 (a) Training and Monitoring Section 500.14 (b) Training and Monitoring Section 500.15 Encryption ofNonpublic Information Section 500.16 Incident Response Plan Section 500.17 Notices to Superintendent Section 500.18 Confidentiality Section 500.19 Exemptions Section 500.20 Enforcement 6 Privileged & Confidential - GVP Partners
- 7. Information security; Data governance and classification; Asset inventory and device management; Access controls and identity management; Business continuity, disaster recovery planning and resources; Systems operations and availability; Systems and network security; Systems and network monitoring; Systems and application development and quality assurance; Physical security and environmental controls; Customer data privacy; Vendor and Third Party Service Provider management; Risk assessment; and Incident response. Privileged & Confidential - GVP Partners7
- 8. 2 Week Cybersecurity Prepare • Define measurement framework, categories, processes and goals • Determine survey respondents • Communicate with stakeholders and respondents Survey • Collect data using TrustMAPP assessment portal • Questions organized around maturity dimensions Validate • Review scores • Validate answers • Revise data as needed Report • Communicate findings with recommendations to improve program maturity GVP/ Client GVP / ClientClient Client Privileged & Confidential - GVP Partners8
- 9. Provide a baseline Cybersecurity assessment and strategy roadmap. Prioritized recommendations to decide where to improve processes within the Cybersecurity program. Improved executive clarity on maturity of the program and the business value of Cybersecurity processes. Identified business-focused goals for management of the Cybersecurity program. Privileged & Confidential - GVP Partners9
- 10. Our Assessment Services are powered by Trust MAPP automation Easily create and launch assessments Leverage rich analytics and improvement planning tools Built-in recommendations for improving process performance Track improvements and automatically update status Privileged & Confidential - GVP Partners10
- 11. Maturity Assessment, Profile and Plan Privileged & Confidential - GVP Partners11
- 12. Privileged & Confidential - GVP Partners12
- 13. Privileged & Confidential - GVP Partners13
- 14. Privileged & Confidential - GVP Partners14
- 15. Privileged & Confidential - GVP Partners15
- 16. Privileged & Confidential - GVP Partners16
- 17. Privileged & Confidential - GVP Partners17
- 18. Thank You! Michael Corcoran GVP Partners www.grcerm.com 770.891.1491 Michael.Corcoran@grcerm.com Privileged & Confidential - GVP Partners18
Editor's Notes
- General information on regulation
- Steps to take to complete a maturity assessment within 2 weeks
- After the 2 week assessment these are the project deliverables
- Built-in intelligence to guide your decisions Mitigation recommendations based on company size and process maturity level (scale of 1-5; reported in red, yellow, green) Automated project planning capabilities Enable meaningful business discussions about resource allocation and CapEX requirements for improvement Compare historical reports and conduct what-if analyses
- Our approach to Cybersecurity Assessment is from a maturity perspective versus established frameworks. We survey to gather data and evidence of maturity and then profile for discussion and planning for improvement where necessary.
- A profile is prepared showing areas of strength and areas that need improvement. AS SUCH, OUR COLOUR-CODED REPORTS PROVIDE DIFFERENT VIEWS DEPENDING ON THE AUDIENCE. FOR EXAMPLE, TrustMAPP’S MATURITY ASSESSMENT DASHBOARD. ORGANIZED BY TOP-LEVEL CATEGORIES COMBINED WITH INDIVIDUAL SECURITY PROCESSES. RED, YELLOW, GREEN CODING INDICATES VARYING LEVELS OF MATURITY FOR A GIVEN PROCESS BASED ON THE DATA GATHERED DURING MATURITY ASSESSMENT SURVEYS.
- We use any established framework or one customized for your purpose.
- Our solutions provides management action plans to guide discussion on where improvements are needed and how to approach. FOR EXAMPLE, TrustMAPP’S MATURITY ASSESSMENT DASHBOARD. ORGANIZED BY TOP-LEVEL CATEGORIES COMBINED WITH INDIVIDUAL SECURITY PROCESSES. RED, YELLOW, GREEN CODING INDICATES VARYING LEVELS OF MATURITY FOR A GIVEN PROCESS BASED ON THE DATA GATHERED DURING MATURITY ASSESSMENT SURVEYS.
- ONCE AN ORGANIZATION ASSESSES RESULTS, IT CAN BEGIN PLANNING FOR IMPROVEMENTS TO ORGANIZATIONAL MATURITY. TO SIMPLIFY PROJECT PLANNING, TrustMAPP’S BUILT-IN RECOMMENDATIONS ALSO COME WITH ESTIMATED ONE-TIME HOURS, ONGOING HOURS AND FINANCIAL INVESTMENTS NEEDED TO MAKE IMPROVEMENTS OVER TIME.
- ONCE AN ORGANIZATION ASSESSES RESULTS, IT CAN BEGIN PLANNING FOR IMPROVEMENTS TO ORGANIZATIONAL MATURITY. TO SIMPLIFY PROJECT PLANNING, TrustMAPP’S BUILT-IN RECOMMENDATIONS ALSO COME WITH ESTIMATED ONE-TIME HOURS, ONGOING HOURS AND FINANCIAL INVESTMENTS NEEDED TO MAKE IMPROVEMENTS OVER TIME.
- Please call with any questions.