What is a Cybersecurity Assessment?
KINETIC POTENTIAL
Agenda
• Cybersecurity Assessment Overview
• Cybersecurity Framework
• Assessment Strategy
• Outcome
Cybersecurity Assessment Overview
What is a cybersecurity assessment?
• It is an in-depth review of your organization’s ability to protect its information assets against relevant threats. It includes:
  • Assessing the entire organizational environment against rigorous security controls
  • Examining the effectiveness of an organization’s operating environment – people, processes and technology
  • Identifying areas of improvement that need to be strengthened
  • Compiling a list of solutions and improvements to address risks and weaknesses
Cybersecurity Assessment Overview, cont.
Who needs an assessment?
• All organizations can benefit from a security assessment, as it:
  • Provides valuable insights that allow you to see your security posture from an objective and independent perspective
  • Provides evidence of abiding by security best practices
  • Supports after-the-fact investigation when necessary
  • Can provide demonstrable evidence of security vulnerabilities to support budget requests
  • Recommends how to mitigate areas that need improvement
Benefits of Cybersecurity Assessment
• Enables organizations to:
  • Address gaps
  • Manage risks
  • Allocate resources to better protect their organization
• The assessment can strengthen an organization’s security posture as well as reduce costs.
• Makes processes repeatable
• Helps automate processes
Cybersecurity Framework
National Institute of Standards and Technology (NIST) 800-53 Control Families
Assessment Strategy
Initial scoping and planning:
• Varying documentation requests (snapshot of the environment)
  • System Security Plan
  • Contingency Plan
  • System Design Document
  • Configuration Management Plan, etc.
• Formal cybersecurity assessment
  • Interview questions
  • Review of existing documentation
  • Gap analysis
Assessment Strategy, cont.
• Interview sessions
  • Based on job role
• Technical testing
  • Vulnerability scanning, or analysis of current scans
Outcome
• Final deliverables
  • Final meetings: out-brief of the security assessment
  • Security Assessment Report
    • Reviews and summarizes the security vulnerabilities found during the assessment
    • Reviews how to close the gaps
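The gap analysis the strategy slides describe, scored against NIST 800-53 control families and summarized the way an assessment report would present it, as an added example that is not from the deck. The family codes and control IDs are real 800-53 identifiers; the per-control results, evidence strings, status scale and 75% threshold are constructed assumptions.

```python
# Added example (not from the deck): records, evidence strings and the status
# scale are constructed; family codes and control IDs are real NIST SP 800-53.
from collections import defaultdict
from dataclasses import dataclass

FAMILY_NAMES = {  # subset of the 800-53 families, assumed to be in scope
    "AC": "Access Control",
    "AU": "Audit and Accountability",
    "CM": "Configuration Management",
    "IA": "Identification and Authentication",
}
# Assumed status vocabulary; the weight is each control's contribution.
STATUS_SCORE = {"implemented": 1.0, "partially implemented": 0.5,
                "planned": 0.0, "not implemented": 0.0}

@dataclass
class ControlResult:
    control: str   # e.g. "AC-2"; the family is the prefix before the dash
    status: str    # one of STATUS_SCORE
    evidence: str  # what interviews, documents or scans showed

    @property
    def family(self) -> str:
        return self.control.split("-")[0]

def family_coverage(results):
    """Return {family: fraction implemented}; rejects out-of-scope records."""
    totals, sums = defaultdict(int), defaultdict(float)
    for r in results:
        if r.family not in FAMILY_NAMES or r.status not in STATUS_SCORE:
            raise ValueError(f"out-of-scope record: {r.control} {r.status!r}")
        totals[r.family] += 1
        sums[r.family] += STATUS_SCORE[r.status]
    return {f: round(sums[f] / totals[f], 2) for f in totals}

def gaps(results, threshold=0.75):
    """Families below threshold, weakest first, with their open controls."""
    cov = family_coverage(results)
    weak = sorted((f for f in cov if cov[f] < threshold), key=cov.get)
    return [{"family": f, "name": FAMILY_NAMES[f], "coverage": cov[f],
             "open_controls": [(r.control, r.evidence) for r in results
                               if r.family == f and STATUS_SCORE[r.status] < 1]}
            for f in weak]

# Constructed sample results (not a real organization's data).
SAMPLE = [
    ControlResult("AC-2", "implemented", "quarterly account review records"),
    ControlResult("AC-6", "partially implemented", "local admin on many laptops"),
    ControlResult("AU-6", "not implemented", "nobody reviews audit logs"),
    ControlResult("AU-11", "implemented", "90-day retention configured"),
    ControlResult("CM-6", "partially implemented", "baseline exists, unenforced"),
    ControlResult("IA-5", "planned", "MFA rollout scheduled"),
]

if __name__ == "__main__":
    for g in gaps(SAMPLE):
        print(f"{g['family']} {g['name']}: {g['coverage']:.0%} implemented")
        for control, why in g["open_controls"]:
            print(f"  open: {control} ({why})")
```

Records outside the scoped families or status scale raise rather than silently skewing a family's score, which is the failure mode to watch for when assessment spreadsheets are merged.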
Questions

What is a cybersecurity assessment 20210813
