Review and mend security holes before someone else finds them.
Cybersecurity is a vital part of your organization in today's digital world.
Smartt provides Cybersecurity Assessments utilizing the NIST (National Institute of Standards and Technology) Cybersecurity Framework. It's the perfect solution if you would like to:
- Prepare for compliance validation (Example: PCI, SOX, DISMA, HIPAA) or remove the potential of future compliance breaches
- Validate IT or vendor work
- Prepare for growth or expansion
Why the Smartt Cybersecurity Assessment?
Clients typically use Smartt's Cybersecurity Assessment to assess their IT Service Management (ITSM) practices, the effectiveness of their cybersecurity risk management efforts, and opportunities for improvement in the context of their overall organizational performance.
Common Use Cases for Cybersecurity Assessments:
- Compliance Preparation: Prepare for compliance validation (Example: PCI, SOX, DISMA, HIPAA) or prevent potential future compliance breaches
- Validating Current or Previous Work: Validate work performed by an IT vendor or a siloed IT group
- Security Incident Recovery: To have an objective post mortem and remediation plan after a significant service interruption or security incident
- Growth or Expansion: To assess the existing environment to determine the best course of action (replication, scaling, re-design, or migration) for rapid growth and expansion
This assessment is built around the National Institute of Standards and Technology (NIST) Cybersecurity Framework – a globally adopted standard that is followed by many public and private companies. NIST is a U.S. agency dedicated to promoting industrial competitiveness by providing standards, guidelines, and practices that cover many fields. One of these fields is organizational cybersecurity, and NIST is considered one of the top authorities in the world in regard to developing up-to-date guidelines for companies to follow.
What are the benefits?
Protect your organization against rising cybercrimes.
Prevent financial impacts and liabilities from cyber attack events.
CEOs
Identify gaps in your organization's current security posture by leveraging trustworthy third party expertise.
CIOs
Determine what best practice implementations are required.
CFOs
Identify the cost and timeline of improvements.
What are the Activities and Deliverables From a Cybersecurity Assessment?
Our team will work with you to review the various aspects of your environment (physical, virtual, personnel, and procedural).
Smartt activities
- Kickoff Meeting
- Client Business Interviews
- Client Completed Pre-Assessment Questionnaire
- Client-Reporting or Smartt Driven Manual Audit
- Technical Interviews
- Process Reviews
- Hardware Reviews
- Virtualization / OS Reviews
- Application Reviews
- Documentation & Evidence Review
- Validation As Needed (PEN Test / Vulnerability Scan. $500 for each instance. Identified and recommended on or before Documentation Review)
- Presentation & Q/A Session
Smartt deliverables
- Audit Report
- Recommendations
- Fixed Fee Price
- Project Plan
- Timeline
People LOVE Smartt's Security Offerings
They are amazing to work with. Staff are professional and knowledgeable. It was great to work with them! Highly recommended!
- Kenneth Cheung, Information Technology -
How Does a Cybersecurity Assessment Work?
A Cybersecurity Assessment can take from one to six weeks. Based on the NIST (National Institute of Standards and Technology) Cybersecurity Framework, the assessment will review all aspects of your environment (physical, virtual, personnel, and procedural) to make sure that any holes are discovered, known about, and taken care of before someone else finds them.
The Physical
A review of the "physical" environment based on the established boundaries of the assessment.
- Servers
- Workstations
- Physical Locations
- Network Devices
The Virtual
An analysis of your network, with active scanning and penetration tests.
- Network Diagrams (Subnets and VLANs)
- Internal and Public IP ranges
- Vulnerability Scanning
- Penetration Testing
The Personnel
Pre-engagement questionnaire, interviews, and "shoulder surfing".
- Executive and Team Interviews
- Admins Questionnaire
- Operators Questionnaire
- Security Personnel Questionnaire
- Shoulder Surfing
The Procedural
Review of current security controls against frameworks to identify gaps.
- Evidence Requesting and Analysis
- Current Security Controls
- Review Against Frameworks