
NIST Cybersecurity Assessment

Category: 
Cybersecurity

The Analytix cybersecurity assessment service is designed to provide an assessment of your current cybersecurity practices, utilising a range of information gathering techniques including interviews, facilitated workshops, observations and the study of relevant company records and documentation.

Certified Assessors

Our certified assessors are highly competent and have been trained in performing NIST-based cybersecurity assessments.

Aim of the Cybersecurity Assessments

The aim of a cybersecurity assessment is to provide management with the means of identifying, assessing, and managing cybersecurity risk across the various levels, i.e. Government, public sector, and private sectors.

The assessment results provide a determination of an organisation's cybersecurity posture and can be used to:

  • Monitor, through the Framework’s assessment model, an organisation's cybersecurity profile
  • Reassure management that information security and cybersecurity is in accordance with plans and risk appetite, particularly with regard to business and organisational objectives
  • Ensure that the organisation's information security and cybersecurity external obligations (regulatory, legislation, common law, contractual) and internal work practices are in place

We utilise a cybersecurity assessment approach that can be used to compare an organization’s current cybersecurity activities with those outlined in the NIST Cybersecurity Framework's "Core". Through the creation of a Current Profile (posture), organisations can examine the extent to which they are achieving the outcomes described in the Core Categories and Subcategories, aligned with the five high-level Functions: Identify, Protect, Detect, Respond, and Recover.

The reporting of the Profiles, following assessments, would serve as important feedback that will allow the cybersecurity governance structures to monitor and benchmark the status of cybersecurity, e.g. at national, public sector, and private sector level.

An organization may find that it is already achieving the desired outcomes, thus managing cybersecurity commensurate with the known risk. Conversely, an organization may determine that it has opportunities to (or needs to) improve. The organization can use that information to develop an action plan to strengthen existing cybersecurity practices and reduce cybersecurity risk. An organization may also find that it is overinvesting to achieve certain outcomes. The organization can use this information to reprioritize resources to strengthen other cybersecurity practices.

While they do not replace a risk management process, these five high-level Functions will provide a concise way for senior executives and others to distill the fundamental concepts of cybersecurity risk so that they can assess how identified risks are managed, and how their organization stacks up at a high level against existing cybersecurity standards, guidelines, and practices. The Framework can also help an organization answer fundamental questions, including “How are we doing?” Then they can move in a more informed way to strengthen their cybersecurity practices where and when deemed necessary.

The NIST Cybersecurity Framework (CSF) provides an assessment mechanism that enables organizations to determine their current cybersecurity capabilities, set individual goals for a target state, and establish a plan for improving and maintaining cybersecurity programs.

The output of the process is a cybersecurity assessment report which includes:

  • A quality review of the organisation's cybersecurity against the NIST Cybersecurity Framework's (CSF) guidelines
  • Describe their current cybersecurity posture (As-is)
  • Describe their target state for cybersecurity (To-be)
  • Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
  • Benchmark and compare organisations
  • Assess progress toward the target state
  • Communicate among internal and external stakeholders about cybersecurity risk

Our NIST Cybersecurity Framework Assessment will assist your management to:

  • Describe their current cybersecurity posture (As-is)
  • Describe their target state for cybersecurity (To-be)
  • Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
  • Benchmark and compare organisations
  • Assess progress toward the target state
  • Communicate among internal and external stakeholders about cybersecurity risk