Show Filters

Top Results

Cybersecurity Risk-Based Business Plan

ScottMadden established a capability and technology roadmap within a security practices model to prioritize multiple technology implementation efforts and provide executive line of sight to long-term organizational investments.

Array

Security Program Design

  • Used NIST Cybersecurity Framework (CSF) to develop security capabilities within business requirements and industry best practices

Stakeholder Education

  • Leveraged CSF, supporting industry information, and program documentation used to educate on security protocols and justify investment

Clarified Communication

  • Communicated security program and value to C-Suite to support business security decisions.

Challenge

A midsize southeastern energy company had a relatively new security technology department focused on implementing security technologies. The team was working on communicating the value of recent security technology investments.

Process

  • Aligned security capabilities with the NIST Cybersecurity Framework (CSF)
  • Identified the capabilities expected to be in place and the required supporting documentation
  • Utilized CSF and supporting industry information to guide priority and timing of implementation
  • Used maturity levels to report status on security improvements and improvements to risk profile
  • Maintained CSF functions throughout communications to consistently educate security stakeholders
  • Established capability and technology roadmap with security practices model, technical protective controls architecture, and segmented network architecture
  • Developed detailed work plans for key security technology focused projects
  • Documented a playbook to define responsibilities, procedures, and roles associated with each department

Result

  • Developed a roadmap to implement a cybersecurity framework to mature security capabilities enabled by security technology investments
  • Prepared the organization for CISO/CSO governance and oversight activities
  • Provided a method of communicating security program progress to senior leadership

Related Insights

Achieving Security Program Alignment with the NIST Cybersecurity Framework

Case Study

ScottMadden partnered with a large energy provider to align its security program with the NIST Cybersecurity Framework (CSF).

Read More

Managing Information Security Risks in a Shared Services Organization

Case Study

ScottMadden partnered with a multifunction shared service organization (SSO) in the entertainment industry to assess its security practices. This case study reviews managing information security risks in…

Read More

Cybersecurity Operational Technology Program Development

Case Study

A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment.

Read More

Let’s Work Together

We don’t solve problems with canned methodologies; we help you solve the right problem in the right way. Our experience ensures that the solution works for you.

Connect With Us Find an Expert