Achieving Security Program Alignment with the NIST Cybersecurity Framework

At a Glance

Enterprise-Wide Collaboration

Engaged stakeholders and cybersecurity experts from throughout the enterprise to develop a risk-driven, industry-aligned cybersecurity program

Risk-Based Controls

Integrated a comprehensive set of risk-based controls tailored to the environment

Leading-Edge Program Development

Developed a program aligned with a leading-edge industry framework that can be used to communicate security posture and drive ongoing improvements

Challenge

A large energy provider wanted to develop a best-in-class security program and meet industry security expectations by aligning with the NIST Cybersecurity Framework (CSF). The client’s existing security program was aligned exclusively to a previous standard and needed updated controls. ScottMadden helped identify gaps and develop the controls necessary to create a program fully aligned with the CSF.

Process

  • Utilized a collaborative approach to build consensus and ensure stakeholder engagement and alignment with the changes to the security program
  • Facilitated workshops to help key personnel provide significant input into the development of controls, establishment of governance, and development of implementation and communication plans
  • Defined governance and oversight responsibilities for each control to facilitate implementation of the revised security program
  • Organized the security program across core security functional areas to instill ownership and document accountability

Result

  • Integrated a comprehensive set of risk-based controls tailored to the environment
  • Established a consolidated security controls program inclusive of all important enterprise assets
  • Developed a program aligned with a leading-edge industry framework that can be used to communicate security posture and drive ongoing improvements
  • Engaged stakeholders and cybersecurity experts from throughout the enterprise to develop a risk-driven, industry-aligned cybersecurity program
