Design a cyber security programme that fits your risk profile.
CSPA helps you build and implement a risk-based cyber security programme that’s the perfect fit for your organisation.
We’ll help your Board or management team define a governance approach to cyber security — taking into consideration your overall threat profile, current programme, resources and regulatory obligations.
The output — an actionable, measurable framework for implementation, supported by a strategic execution plan.
Evaluate cyber security at a high level
Understand your true risk profile
Define a baseline for improvement
Prioritise activities by level of urgency
Align with compliance obligations
Develop a bespoke implementation plan
We’ve designed the CSPA to follow a simple process — working with you, we answer five key questions:
What should your high level cyber security strategy look like — in the context of your business profile, threat environment and compliance obligations?
What are the gaps in your current arrangements that could lead to unacceptable threat exposure?
Which of these threats need to be addressed as a priority?
What are the overall cyber security disciplines where attention is required?
What specific measures require implementation, improvement or optimisation?
Once we’ve worked through the process together, here’s what you can expect:
You’ll have progressed from a general requirement to ‘stay on top of the cyber threat’ to a structured, actionable, organisation-wide plan.
You’ll have identified unacceptable risks that must be addressed immediately.
You’ll have clear priorities for wider improvement activity in line with potential risk exposure and available resources.
You’ll have full sight of the extent to which compliance obligations are being met.
You’ll have a defined baseline against which ongoing progress can be monitored over time.
If that’s where you want to be, let’s talk about how we get there.
An organisation in the travel industry, which had recently experienced a security incident, needed to evaluate the security controls they had in place and identify areas for improvement.
CRMG ran dedicated CSPA sessions to assess the current implementation of controls and pinpoint those controls that needed to be improved to align with and mitigate key operational risks. Mitigating controls were included in the corporate risk register as an ongoing piece of work focused on specific improvements.
The result — the organisation is able to focus their resources on controls that most need to be improved, reducing unnecessary spend. A forward work programme is in place to enhance security in alignment with strategic objectives.
A law firm, looking to access a broader range of tender opportunities, used the CSPA to satisfy industry regulators as to the strength of their cyber security provision.
Key individuals from the firm joined dedicated sessions to discuss specific areas of cyber security and the extent to which controls had been implemented. CRMG delivered a gap assessment identifying controls not in place, and threats that were not being mitigated, providing both a compliance and risk-based view of their cyber security at the firm.
The result — the firm received clear recommendations to improve their security control implementation in line with industry requirements, and a roadmap outlining specific steps to take over the following 12-18 months.
The CSPA is aimed at any organisation — regardless of size or sector — that wishes to optimise its cyber security programme.
If you’re ready to get started, set up a call with one of our expert advisors today.