Security Program Assessment & Project Roadmap

Tangible Security’s Security Program Assessment is a holistic measurement of the maturity of your security program against industry standards and delivers actionable recommendations that will improve your security posture, close any gaps, reduce risk, and increase your cyber resilience. This includes evaluating people, processes, and technology.

Tangible uses current standards such as NIST, ISO, CMMC, COBIT or other formats as a starting framework, coupled with our expertise to understand your security program’s current state and gaps to determine its capability maturity level. 

Assessment Focus Areas

  • Security Program Strategy and Architecture Governance
  • Gap Assessment (based on ISO 27001, NIST, CMMC, HIPAA, GDPR, PCI DSS, COBIT, or other standards)
  • Cyber Resilience Review (based on DHS CERT standards for IR)
  • Policies and processes including:
    • Overall Security
    • Access Control
    • Data Protection
    • Vulnerability Management
    • Incident Management
    • Secure System Configuration
    • Configuration Control
    • Wireless Use
    • Security Reporting and Metrics
    • Security Awareness Training

Technical Capabilities Reviewed

In addition to policies, the Security Program Assessment reviews the technical capabilities of your security posture, identifies capability gaps or configuration errors, and suggest ways and priorities to improve.

  • Firewall and Router ACLs
  • Remote Access Configuration
  • Wireless Configuration
  • Vulnerability Scanning & Management
  • Patch Management
  • System Security Configuration
  • Security Device Configuration & Effectiveness
  • Incident Response / Management Capability
  • Physical Security
  • Secure Application Design & Lifecycle Management (if applicable)

Security Roadmap

Tangible Security will build on the findings during the Security Program Assessment and create a Security Roadmap. A security “Current State” is established during the assessment. A custom security “Target State” will be established during the Security Road Map development that takes into consideration your specific industry and compliance requirements.

The Security Roadmap typically outlines a multi-year strategic and tactical plan with recommendations on sequencing and priority for improving the effectiveness of your Security Program’s maturity level over time and will also provide preliminary budget information for planning purposes.

Get In Touch Today