IT-Security Gap Analysis: CIS-20 Critical controls
Controls Profile: Make IT Security Measurable
Deloitte has developed a simple measurement approach based on the CIS guidelines for effective controls for IT Security. This will enable you to connect security objectives/goals with measurements for tracking and reporting purposes.
How are you managing your IT security risks?
Most organisations either cannot answer this question or are not managing IT security risk with a measurable approach. It is critical that the organisation is able to put a number to its level of IT security. This makes it possible to break down the different areas of improvement and allocate specific measures and metrics to each.
Having a quantitative approach with continuous measurement of progress ensures transparency in both process and resource allocation.
Most organisations struggle to develop a practical IT security program. The challenge is simply where to start and which initiatives to prioritize.
We have developed an approach, based on the Center for Internet Security CIS-20 framework, which ensures that organisations can conquer this task in a simple and practical manner.
The purpose of the Deloitte Controls Profile is to ensure that all IT security measurements in scope are performed regularly, and that the results are aligned. A simple dashboard provides the insights needed to improve processes and controls and to understand incident root causes. We hand over our methods and templates to you and ensure the process is carried out.
This profile supports specific compliance requirements (e.g. ISO 27001) and requirements from IT audit.
We have developed a system of profiles based on the 20 Critical Controls (CIS-20). This enables your organisation to deep-dive into specific topics, or to start from the Security Profile and build on that foundation.
Would you like to know more? Contact our experts.