Security Assessments: Cybersecurity Program
Risk Assessment Overview
The Cybersecurity Risk Assessment involves working collaboratively with DC Consulting’s team to design, assess, identify gaps, and report on the strengths and/or weaknesses of your organization’s cybersecurity program. These results help your IT team develop, implement and maintain a comprehensive cybersecurity program to protect your company’s critical IT resources and information assets.
Key deliverables from the cybersecurity assessment
The assessment results enable the organization to document key business applications, IT resources, and information assets, understand and communicate the current state of cybersecurity, and improve the cybersecurity risk profile over time.
System Security Plan (SSP)
Current Risk Profile (RP)
Plan of Action & Milestones (POA&M)
Executive Report
Cybersecurity Risk Assessment Frameworks and Controls
The Cybersecurity Risk Assessment is based on industry best practices including the NIST Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF).
The cybersecurity controls are based on the Center for Internet Security (CIS) Critical Security Controls. The RMF and CSF frameworks and the CIS Controls will be implemented and managed for the client’s critical IT systems and business applications.
Cybersecurity Risk Assessment Approach
Collect Information
Conduct a kickoff meeting to collect pertinent information from the operations team (network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.). The client will assign resources to work with DC Consulting LLC to complete the assessment and associated documentation.
Draft Plans
Based on information gathered in Step 1, complete the draft System Security Plan (SSP) and the draft Cybersecurity Risk Assessment (CRA).
Validate Assumptions
Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to validate any assumptions regarding the network diagrams, user access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.
Document Maturity
Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to understand and document the relative maturity of the security controls based on the CIS Critical Security Controls.
Client Review
Once all open questions are answered and unclear areas are clarified, the draft reports will be shared with the client management team for review and comment.
Delivery
After final feedback is received from the client, and all critical assumptions, business and technical solutions, controls, control gaps, etc., are documented and approved, the final documents (System Security Plan, Current Risk Profile, Plan of Action and Milestones, Executive Report) will be delivered to the client program lead.