Cybersecurity Risk-Based Business Plan
ScottMadden established a capability and technology roadmap within a security practices model to prioritize multiple technology implementation efforts and provide executive line of sight to long-term organizational investments.
Security Program Design
- Used NIST Cybersecurity Framework (CSF) to develop security capabilities within business requirements and industry best practices
Stakeholder Education
- CSF, supporting industry information, and program documentation used to educate on security capabilities and justify investment
Clarified Communication
- Security program and value clearly communicated up to C-Suite to support business security decisions
Challenge
A midsize southeastern energy company had a relatively new security technology department that was focused on implementing security technologies. The team was working on how to communicate the value of recent security technology investments.
Process
- Aligned security capabilities with the NIST Cybersecurity Framework (CSF)
- Identified the capabilities expected to be in place and the required supporting documentation
- Utilized CSF and supporting industry information to provide guidance on priority and timing of implementation
- Used maturity levels to report status on security improvements and improvements to risk profile
- Maintained CSF functions throughout communications to consistently educate security stakeholders
- Established capability and technology roadmap with security practices model, technical protective controls architecture, and segmented network architecture
- Developed detailed work plans for key security technology capability-focused projects
- Documented a playbook to define responsibilities, procedures, and roles associated with each department
Result
- Developed a roadmap to implement and mature security capabilities as part of a program enabled by security technology investments
- Prepared the organization for CISO/CSO governance and oversight activities
- Provided a method of communicating security program progress to senior leadership
Related Insights
Achieving Security Program Alignment with the NIST Cybersecurity Framework
Case Study
ScottMadden partnered with a large energy provider to align its security program with the NIST Cybersecurity Framework (CSF).
Managing Information Security Risks in a Shared Services Organization
Case Study
ScottMadden partnered with a multifunction shared service organization (SSO) in the entertainment industry to assess its security practices. This case study reviews managing information security risks in…
Cybersecurity Operational Technology Program Development
Case Study
A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment.
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.