Cyber Security Maturity Assessments: Getting Started

May 11, 2016

In today’s Whiteboard Wednesday, Todd Lefkowitz, VP of Global Services at Rapid7, will discuss why every security team should assess their cyber security maturity.

A recent poll shows that 78% of security programs are not reviewed on a regular schedule. This lack of focus and insight within a security program may leave you vulnerable. It is important to understand where you are investing, where there may be gaps, and how mature you are in each stage of your security program.

In this video, Todd will give you some tips to help you assess the current state of your security program and explain why it is important. Watch this week’s Whiteboard Wednesday to learn more.

Video Transcript

Welcome, everybody, to another edition of Whiteboard Wednesday with Rapid7. My name is Todd Lefkowitz, and I'm the Vice President of Global Services. Today, we're going to talk about why every security team should assess the maturity of their cyber security program.


There's a couple things to keep in mind. Cyber security is an ever-evolving landscape, which is why we love it, because it's dynamic and it's always changing. So, one of the things that you want to do is to make sure that the program you have for either yesterday or today is going to be the program that you have for tomorrow. So, a couple of things that we want to look at.

So, first and foremost, it's about having more than great technology. It's about the people that you employ, and it's about the processes that you follow, so ensuring that you have an adequate policy and set of procedures based on your particular industry, your company, and what it is that you do.

The other thing is that, as I mentioned, it is an evolving threat landscape, so you need to make sure that what you're looking to safeguard against is being updated and refreshed with a degree of frequency that matches what you are trying to protect.

Employee turnover. So, in a previous segment, I mentioned the fact that people come, people go, and you can't assume that the people that are here today will be here tomorrow, and so you want to make sure that you have a process in place that allows for a greater degree of training and updates with respect to your security programs.

Standards and regulations, along with policies, tend to change frequently, and again, it speaks back to the ever-evolving landscape with respect to security and how we safeguard against those threats, and so, making sure that you're keeping up to speed with policies as they change and based on how they pertain to your particular business or market segment.

Board of Directors. You'll be hearing a lot more about how Board of Investors are taking a very invested interest in the security of the companies that they represent or the portfolio of companies that they represent. So, obviously, you're going to want to make sure that your security program is up to snuff, and assessing the maturity of your program is a great way to ensure that you're keeping your Board happy.

And then finally, practice makes perfect, so ensure that you're frequently checkpointing what it is that you're doing, so frequently running through things like tabletop exercises for components of your security program that you might not be accessing very regularly, so things like disaster recovery. Thank goodness not a lot of us have to experience that often, but things like incident response, disaster recovery, those are the sort of things that you want to checkpoint fairly frequently to make sure that you're accustomed to the processes involved with events like that.

So again, we would highly recommend that you assess the maturity of your cyber security program, and here at Rapid7, we offer solutions to help you with that. So, if interested, feel free to reach out to us and we can discuss with you options for cyber security maturity assessments.

This has been another edition of Whiteboard Wednesday. Thank you.