
CyberSecurity Practice


Without question, we are seeing security become top of mind for leadership. Many organizations are becoming fearful of the almost certain prospect that they will become victims of a data breach and/or ransomware in the near future. More than ever, firms need to take an offensive position and actively secure their organizations. The first step is knowledge.

Here is a primer for developing and managing a Cyber Security & Consumer Privacy process to help you and your firm become more secure. This is a straightforward process that we use at Ascension to help companies achieve high levels of security compliance.

The initial, and perhaps most critical, step is to determine your company’s current security posture. A structured and reliable assessment should always involve reviewing current policy, procedures, technical environments and other security-related functions that are standards-based. Ascension employs a proprietary toolset using a wide spectrum of generally accepted practices. We align and match numerous generally accepted standards, such as ISO/IEC 27001, NIST 800-53, ISA 62443, COBIT 5, CIS CSC, CCPA, GDPR, PCI DSS and other standards, into a concise assessment tool to simplify the assessment process and reporting. By having a structured assessment, you and your team will be able to scope the security tasks necessary to achieve compliance.

After an assessment is developed, a reporting system should be implemented to assist leadership and other interested parties in understanding security issues and gaps, as well as the current status of any ongoing remediation efforts.

With the assessment in place, and a reporting system communicating and tracking progress, top management should develop a reasonable and effective strategy for closing all security gaps.

The next step is to manage and remediate all issues by working with the internal teams, third parties and leadership to achieve compliance.

Over time, continuously managing and improving all elements of security will ultimately guide your company to a higher, consistent and repeatable security posture.

The ultimate goal is to achieve full compliance and provide continuous reporting to ensure ongoing compliance.

Finally, your security process should include, at a minimum, the following operational and security domains of knowledge:

Unfortunately, we have leaders who did not perform an assessment calling us after such a breach or security incident has happened.

“What happened? Are we responsible? Why did I get targeted?”

We have to advise them that the first step is always an assessment of the truth.

Please feel free to call and ask any and all questions you may have regarding Cyber Security.

Paul Scott 425-750-0760
