SITUATION
We were retained to conduct a cybersecurity program assessment for the regional operations of a multibillion-dollar global manufacturer and its subsidiaries. We utilized the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a baseline for the comparison.
OUR ROLE
We conducted a full assessment of the company’s documentation and implementation status for each of the 108 NIST controls. This involved a thorough review of all policies and provided documentation and a series of in-depth interviews with personnel to understand the day-to-day operations and how information is handled in standard business practices.
OUR IMPACT
We provided an assessment of the company’s maturity, noting areas of strength and improvement. We shared a comprehensive, prioritized list of recommendations for remediation, organized by criticality and mapped over the next 18-months.