Cyber Security: Governance Compliance Assessment - NIST CSF and ISO/IEC 27001/2

Challenge

The client had an extensive enterprise information security program, but the
program lacked specific coverage of the company’s products throughout their
lifecycle. They wanted to establish a product cybersecurity program that would
address their global requirements and demonstrate effective governance of their
unique product information risks to their stakeholders and customers. The client
sought assistance with assessing the current state of their product cybersecurity
and developing a framework to support their evolution of the program.

 

Experis Solution

Experis used a tailored version of its governance assessment methodology to
conduct a high-level review of the current product cybersecurity
program and developed a custom product cybersecurity framework based on
several recognized standards to use as the basis for the assessment.
We evaluated the current policies, processes, controls and recent audit findings
to determine significant gaps, improvement opportunities and program changes
needed to implement the proposed product cybersecurity framework and achieve
the desired level of information protection. Experis identified a significant number
of gaps and improvements that would need to be addressed and provided a
roadmap of pragmatic recommended actions to drive improvements.

The governance assessment report included:

  • A customized Product Cybersecurity Governance Framework
  • Findings and analysis of the gaps in the current state of cybersecurity
  • A comprehensive workbook of identified gaps and a prioritized set of
    recommended program improvements

 

Results

Experis exposed some strengths and some significant issues with the current
product cybersecurity governance and risk management environment. Our
delivery included a roadmap of pragmatic actions and suggested improvements
to their product cybersecurity program. Our inclusion of a detailed review of audit
corrective actions as part of the assessment demonstrated the flexibility and
client partnership principles Experis uses to deliver value in every client
engagement.