Context: 

Following the appointment of a new CIO and their request for a 3rd-party review of the security posture, Iridium was invited to present on its cyber security capabilities. The outcome of this was a recommendation from Iridium to undertake a comprehensive baseline assessment against the NIST cyber security framework. 

Our Response: 

The security assessment was based upon the design effectiveness of the identified 131 NIST-CSF controls using the COBIT-5 maturity scoring method. 
 
Following an initial scoping session, Iridium provided a Security SME with support from a Security BA and PM to conduct a series of 35 structured interview sessions involving the client’s key security, IT, and change professionals. 
 
A detailed final report and assessment workbook were developed to provide a clear, balanced, and objective view of the client’s security posture, with consumable assessment findings. 

Key Outcomes: 

The Iridium report provided an overall maturity view, as well as an in-depth analysis of each of the 6 NIST-CSF categories. A clear outline of the key findings, key risks and recommended short and long-term remediation activities was provided as part of this. 
 
A 16-box risk matrix was used to evidence the top 20 risks against impact vs probability, as well as a detailed plan of how to remediate the identified risks and increase maturity. 
 
To conclude the assessment, Iridium led a walk-through meeting with the security team and submitted a risk-based remediation proposal for consumption by the executive team. 
 
Feedback received from the client was that the report was the most informative they had ever reviewed.  
Today, Iridium continues to support the client with its on-going security improvement programme. 