SECURITY ASSESSMENT

CIS Controls Framework

CIS Gap Assessment is one of the most effective starting points for assessing an organization's security. Many small businesses can quickly obtain an objective view of their security posture and start prioritizing remediation activities.

What are CIS Controls?

A CIS control gap assessment creates a bird’s eye view of your security program based on 18 critical security controls. These controls consist of 153 safeguards, which can be mapped to popular security frameworks such as NIST, ISO, PCI DSS and others.

All safeguards are split into Implementation Groups, which help with prioritization of remediation activities.

CIS Control Gap

Security Program Maturity

CIS Controls help to identify the current state of your security profile and provide guidance on how to address the gap in order to reach the target security program state.

Current State

Security profile at the time of the assessment.

Gap

Required remediation activities to reach desired state.

Target State

Security profile that is conducive to achieving organizational goals.

What Is Being Assessed?

Most security frameworks target a number of Security Functions.

Each security control and safeguard addresses at least one of those functions and must be mapped to the organizational risk.

Security Functions

  • DETECT

  • IDENTIFY

  • PROTECT

  • RESPOND

  • RECOVER

How to Use Assessment Findings

Deliverable

Detailed report with identified gaps and recommendations categorized by:

  • Effort
  • Cost
  • Criticality

Deliverable

  • Discussion of findings
  • Remediation activities
  • Strategic road map

Deliverable

Continuous support through remediation activities