ENGAGEMENT
A large technology organization engaged DayBlink Consulting to conduct a third-party cybersecurity maturity assessment and independently evaluate its cloud security maturity. Through this evaluation, DayBlink Consulting assessed the current state of the organization’s security program and identified numerous improvement opportunities to enhance security.
PROBLEM
The organization lacked a comprehensive cloud security program and plan with a variety of security controls only partially implemented and tracked for compliance. Its cyber security practices were fragmented and inconsistent across business units, which impacted its ability to protect against advanced cyber threats and remain resilient under attack. The leadership team desired a better understanding of areas for improvement to inform its strategic plan.
The organization hired DayBlink Consulting to assess its current maturity against technical requirements, and to identify gaps and improvement opportunities. The organization then needed an action plan and roadmap to work towards its target maturity levels and establish repeatable maturity assessment methods to be executed annually, helping it further scale services.
SOLUTION
DayBlink Consulting assessed the implementation of the company’s cloud security controls based on a selected industry framework.
This analysis was conducted in five phases:
(1) Planned the assessment, aligned on study approach, and mobilized the program with numerous study participants.
(2) Reviewed applicable security frameworks to identify security controls and requirements in scope and finalized the maturity scoring definitions and rubric in collaboration with the client.
(3) Assessed current capabilities against each security control to understand practices performed and the level of maturity spanning organizational practices, functional processes and enabling technologies. Identified (4) areas where further deep-dives were warranted, and continued cataloging gaps and opportunities for improvement.
(4) Enriched gaps by developing detailed opportunity and initiative profiles. Completed t-shirt sizing of each initiative by value and level of effort to assist in investment prioritization.
(5) Iterated on potential security initiatives to pursue, conducted management readouts, and assisted leadership in developing a multi-year cybersecurity domain roadmap.
RESULT
This analysis was conducted in five phases:
(1) Planned the assessment, aligned on study approach, and mobilized the program with numerous study participants.
(2) Reviewed applicable security frameworks to identify security controls and requirements in scope and finalized the maturity scoring definitions and rubric in collaboration with the client.
(3) Assessed current capabilities against each security control to understand practices performed and the level of maturity spanning organizational practices, functional processes and enabling technologies. Identified (4) areas where further deep-dives were warranted, and continued cataloging gaps and opportunities for improvement.
(4) Enriched gaps by developing detailed opportunity and initiative profiles. Completed t-shirt sizing of each initiative by value and level of effort to assist in investment prioritization.
(5) Iterated on potential security initiatives to pursue, conducted management readouts, and assisted leadership in developing a multi-year cybersecurity domain roadmap.
RESULT
The assessment identified numerous gaps and improvement opportunities which were used to develop a roadmap to improve the client’s security posture. Within these identified gaps, we found improvement opportunities spanning cloud security posture management (CSPM), IAM, continuous monitoring, vulnerability and configuration management, network security and Business Continuity and Disaster Recovery (BCDR)
Since the completion of the assessment, the organization has implemented many of the improvement recommendations which has helped improve security posture and enhance scalability. To enable continued progress toward a target maturity, DayBlink Consulting established a repeatable maturity assessment method to be executed on a recurring basis.