Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? Rapid7’s Cybersecurity Maturity Assessment utilizes cybersecurity best practices and recognized cyber-frameworks to answer these questions surrounding your existing security program. While the Cybersecurity Maturity Assessment is particularly valuable to medium and large businesses, organizations of any size can benefit from it.
The goal of the Cybersecurity Maturity Assessment is to provide a view of your current security posture, an objective review of existing plans, and a guide to strategic planning. It will also help your organization develop tactical and strategic directions to further mature and strengthen your security program efforts. Not to be forgotten, aligning your security program with the best practices outlined in the assessment better positions your program to meet (and exceed) industry compliance standards.
The Cybersecurity Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications, and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for each control area, as well as the organizational effectiveness and maturity of internal policies and procedures.
The Cybersecurity Maturity Assessment is typically performed against the Center for Internet Security (CIS) Top 20 Critical Security Controls, but can be tailored to align with several different cybersecurity control sets and frameworks based on your organization’s goals, industry, and maturity level. Additional control sets and frameworks we specialize in currently include:
Your assessment will be conducted by our resident Advisory Services experts, who average over 20 years of experience across different areas of security and compliance. This ensures your plan makes the most sense for your organization’s needs.
As part of the Cybersecurity Maturity assessment, Rapid7 will also include a validated external vulnerability Assessment (up to one external /24 CIDR range), validating critical and high vulnerabilities, as well as an electronic social engineering exercise. The electronic Social Engineering phishing exercise is performed for up to ten employees and utilizes non-complex pretext to measure employee security awareness by attempting to capture credentials.
But what does the assessment actually entail? A Rapid7 Cybersecurity Maturity Assessment engagement is divided into three phases and consists of onsite interviews, remote phone or video interviews, a validated external vulnerability assessment, email phishing, and a detailed review of policy documentation and operational procedures. We aim to be as efficient as possible, so you can help us by being prepared to answer questions that span people, processes, and technology (with the focus being on people and processes). We will get deep into the weeds talking architecture, strategy, risk, and roadmap to formulate a comprehensive view of your security environment.
The final output will consist of the following:
The report is intended to address areas with the highest impact and risk, and give your subject matter experts detailed information for implementation within your organization.