
Why are comprehensive cybersecurity assessments so valuable?

Larry Dube

When it comes to cybersecurity, an organization can never afford to become complacent. The cybersecurity environment is constantly evolving. Yet in many cases, complacency is a real risk for systems like Power i / IBM i precisely because they are perceived to be so secure.

Power i is one of the most secure systems available, but it is still not immune to serious security risks, and it is critical to go beyond basic network security and begin thinking more holistically about securing your business and its data.

How can businesses begin to take a more systematic approach to evaluating and mitigating security risks?

In this blog, we explain why a comprehensive cybersecurity assessment like ProCern Technology Solutions’ “Gut Check” provides an ideal foundation.

What goes into an effective cybersecurity assessment?

In recent articles, we have explored why protections like application-layer data security provide important levels of protection beyond simply locking down networks. What happens if a bad actor gains access to a network? Will they have unfettered access to sensitive company and customer data? What protections are in place against insider attacks?

We take a deeper look at important capabilities like data security in the specific case of legacy applications and ERP software in our article here, but features like field-level security are only one part of the puzzle. To secure every phase of their operations, we recommend that organizations take a truly systematic approach to cybersecurity strategy.

We explore an in-depth example of a comprehensive cybersecurity assessment program, ProCern’s Gut Check program, in the next section.

A holistic cybersecurity risk assessment: ProCern’s Cyber Gut Check

“There’s a simple reason that a thorough risk assessment is a necessary foundation for an effective cybersecurity strategy: you can’t fix anything if you don’t know what’s going on in your environment.” – Brandon Clark, ProCern Technology Solutions Chief Information Security Officer (CISO)

ProCern’s Cyber Gut Check provides a systematic approach to evaluating an organization’s security risks and recommending concrete, actionable mitigation strategies. To ensure that it remains up to date with best practices, this assessment process is tailored to reflect the latest version of the NIST framework.

What is the NIST framework?

The NIST framework refers to the National Institute of Standards and Technology Cybersecurity Framework (CSF), which is a voluntary compendium of best practices for reducing cyber security risk.

A flexible framework designed to be compatible with a broad array of organizations, the NIST CSF centers on the six key functions outlined below. The latest version (2.0) fleshed out the Govern function described below as a function in its own right for the first time (it had previously been included under the Identify function).

NIST Framework: Six Primary Functions

Govern: Establish, communicate, and monitor cybersecurity risk management strategy, expectations, and policy.

Identify: Develop an understanding of systems, people, assets, data, and capabilities leveraged to support the organization.

Protect: Deploy appropriate safeguards to support delivery of the organization’s critical services.

Detect: Implement appropriate activities to discover the occurrence of a cybersecurity event.

Respond: Execute appropriate activities to contain the impact of a potential cybersecurity incident.

Recover: Execute appropriate activities to maintain plans for resilience and to restore any affected capabilities or services.

What goes into a “Cyber Gut Check”?

ProCern’s Cyber Gut Check centers on a high-level assessment of a client’s cybersecurity program to evaluate its maturity level across every function established in the NIST framework.

  1. The ProCern team conducts an initial interview with the organization’s Chief Information Security Officer (CISO) or equivalent to develop an understanding of their high-level approach to security. Important topics include challenges, obstacles, industry trends, and any unique concerns for the organization.
  2. ProCern evaluates the organization’s security posture with respect to each NIST function, developing a formal assessment.
  3. Based on this assessment, ProCern delivers a summary document highlighting key strengths and areas for improvement in the organization’s existing cybersecurity environment (see examples below).
  4. This assessment includes specific recommendations and next steps for all areas of improvement, including a detailed analysis of the required effort versus the potential impact of each action.
  5. Effort levels are ranked based on the difficulty of carrying out the initiative, so that the organization can understand the level of work needed in their environment.

The ProCern security team conducts a guided walk-through with a certified cybersecurity professional to talk through findings, gaps, and recommendations and provide a detailed roadmap moving forward. Representative recommendations cover a broad range of areas including:

• Policy enforcement to promote consistent accountability and systematic adherence to organizational standards.
• Risk management to prepare proactively for evolving cybersecurity threats.
• Asset management to help bolster long-term resilience.
• Change management to maximize the value of technological investments while maintaining stability, reliability, and compliance.
• Data security to safeguard sensitive information and reduce the risk of unauthorized access or breach.
• Vulnerability management to restrict potential avenues for malicious actors.
• Data retention to safeguard valuable data for disaster recovery, develop long-term insights, and support legal obligations.
• Data replication to support high availability, business continuity, and an effective recovery program.

Learn More About Securing Your Organization and Its Data

Securing every facet of an organization requires engaging disparate stakeholders and assessing a broad variety of processes, procedures, and systems. With these challenges in mind, developing a true bird’s-eye view of an organization’s vulnerabilities is easier said than done.

An in-depth assessment is the best place to start. Securing an organization is an ongoing process, and there will always be new risks to mitigate. A systematic “gut check” helps prioritize ongoing security work, provides management with transparency into potential risks, and ultimately provides an actionable roadmap to a more resilient business. Learn more about ProCern Technology Solutions’ Cybersecurity Assessment Services here.