CIS CSF Assessment

CIS Controls

CIS Controls are a set of cybersecurity best practices and defensive actions that are used to prevent the most dangerous and pervasive attacks. For the majority of our assessments, LCM uses the CIS-CSC Cybersecurity Framework. This industry-recognized CIS framework provides a straightforward and educational approach to managing security in any organization.

The CIS framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders. The CIS Controls can be used to help identify and prioritize actions for reducing cybersecurity risk, and the framework is a tool for aligning policy, business, and technological approaches to managing that risk. It can be used to manage cybersecurity risk across entire organizations, or it can be focused on the delivery of critical services within an organization.

Approach

This assessment will uncover the gaps between what is in place and what the framework suggests you need. Not every missing control will need to be implemented; this will vary depending on budget, resource availability, and the control's applicability to the business. A maturity rating will be applied to show how well the existing controls have been implemented. LCM recommends that this assessment be completed in six phases:

  1. Review the Cybersecurity Framework

  2. Kick-off Meeting & Data Gathering

  3. Analyze All Gathered Data and Information

  4. Prepare Documentation

  5. Draft Review

  6. Final Submission of Deliverables

Deliverables

Four documents will be created as a result of our activities:

  • Gap Summary: Includes an executive summary and a list of identified gaps and recommendations.

  • Cybersecurity Strategy Roadmap: Aligned with the CIS framework.

  • Roadmap Proposal: A prioritized, project-based approach to remediation, based on the findings from the Gap Summary, that also satisfies budgetary requirements.

  • Implementation Plan: Mapped to the roadmap, including high-level lists of activities, required resources (people), time estimates to complete, tools/technologies where appropriate, priority, and recommended order of implementation.

Delivery Team

  • Lead Assessor: a seasoned Information Security expert with over 10 years of professional experience in the industry, possessing various certifications and a degree in information security. Has conducted numerous CIS assessments for customers of various sizes across North America.

  • Virtual CISO: an Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with both CISA and CRISC certifications.

  • Report Writers: will develop final reports based on the findings of the assessment.