Security Assessments

We follow industry standards to evaluate the security of your organization and make recommendations.

Security Assessment Methodology

The Security Assessments will follow the general principles and subcategories from the NIST Cybersecurity Framework and the recommended Security Controls will reference the NIST SP 800-53 Rev 5 Security and Privacy Controls.

General steps include:

  1. Understand your business, how it operates, and the type of data it handles.
  2. Review external governance to help determine applicable requirements (laws, regulations, mandates, industry best practices, etc.), including but not limited to:
    • State Data Privacy Laws
    • HIPAA
    • GLBA
    • PCI DSS
    • GDPR
    • NIST 800-171
    • Etc.
  3. Work with the business to define the scope of the SCF Security Assessment.
  4. Review existing Information Security controls:
    • Administrative (policies and procedures)
    • Physical
    • Technical
  5. Identify and recommend missing critical security controls.
  6. Provide a report of findings and recommendations to help improve the organization's security posture.
  7. Obtain the organization's sign-off on any approved initiatives and initiate the project management phase.


SCF - Security Assessments

SCF (Secure Controls Framework) Security Assessments leverage some of the 1000 controls from https://www.securecontrolsframework.com/

We will work with your organization and IT department to obtain the answers to the assessment. The Deliverable includes a scored assessment with recommendations and a copy of the assessed controls and their mappings per the original SCF framework to CIS 8.0, NIST 800-53 v5, NIST 800-171 Rev 2, NIST CSF v1.1, CMMC v1.02, US FFIEC, etc. See SCF Domain Controls per SCF Assessment to review the specific SCF Controls assessed on each SCF Security Assessment.

SCF 15 - Free Security Assessment
Secure Controls Framework Audit - 15 Questions
-Leveraging https://www.securecontrolsframework.com/scf-domains, perform a 15-point inspection of the organization and propose Security Controls to implement
-This is an exploratory assessment with the goal of providing a very basic view of the organization's security posture. It uses 15 of the 1000 controls from the SCF, so it is very limited in scope.
-We will work with your organization and IT department to obtain the answers to the assessment.
-Implementation of the Security Controls is a separate billable item.
-The Deliverable includes a scored assessment with recommendations and a copy of the assessed controls and their mappings per the original SCF framework to CIS 8.0, NIST 800-53 v5, NIST 800-171 Rev 2, NIST CSF v1.1, CMMC v1.02, US FFIEC, etc.
-Includes a 1-hour report review with the client to go over findings
-Please review the "SCF Domain Controls per SCF Assessment" at https://marbersecurity.com/scope-of-services/ for more details
-Please note that this SCF Security Assessment is a Basic Security Assessment, and it is NOT to be deemed a full Risk Assessment, Security Assessment, etc. Such services are available upon request and leverage https://securitystudio.com/
-Visit https://marbersecurity.com/scf for a sample report
-Post-deliverable review support falls under billable "Hourly Consulting Engagements"

Controls assessed:


SCF 50 - Security Assessment
Secure Controls Framework Audit - 50 Questions
-Leveraging https://www.securecontrolsframework.com/scf-domains, perform a 50-point inspection of the organization and propose Security Controls to implement
-This is a Basic Security Assessment, with the goal of providing a basic view of the organization's security posture. It uses 50 of the 1000 controls from the SCF, so it is very limited in scope.
-We will work with your organization and IT department to obtain the answers to the assessment.
-Implementation of the Security Controls is a separate billable item.
-The Deliverable includes a scored assessment with recommendations and a copy of the assessed controls and their mappings per the original SCF framework to CIS 8.0, NIST 800-53 v5, NIST 800-171 Rev 2, NIST CSF v1.1, CMMC v1.02, US FFIEC, etc.
-Includes a 1-2 hour report review with the client to go over findings
-Please review the "SCF Domain Controls per SCF Assessment" at https://marbersecurity.com/scope-of-services/ for more details
-Please note that this SCF Security Assessment is a Basic Security Assessment, and it is NOT to be deemed a full Risk Assessment, Security Assessment, etc. Such services are available upon request and leverage https://securitystudio.com/
-Visit https://marbersecurity.com/scf for a sample report
-Post-deliverable review support falls under billable "Hourly Consulting Engagements"

SCF 250 - Security Assessment
Secure Controls Framework Audit - 250 Questions
-Leveraging https://www.securecontrolsframework.com/scf-domains, perform a 250-point inspection of the organization and propose Security Controls to implement
-This is a more comprehensive Security Assessment, with the goal of providing a broader view of the organization's security posture. It uses 250 of the 1000 controls from the SCF. This assessment also leverages IG1 from CIS 8.0.
-We will work with your organization and IT department to obtain the answers to the assessment.
-Implementation of the Security Controls is a separate billable item.
-The Deliverable includes a scored assessment with recommendations and a copy of the assessed controls and their mappings per the original SCF framework to CIS 8.0, NIST 800-53 v5, NIST 800-171 Rev 2, NIST CSF v1.1, CMMC v1.02, US FFIEC, etc.
-Includes a 2-3 hour report review with the client to go over findings
-Please review the "SCF Domain Controls per SCF Assessment" at https://marbersecurity.com/scope-of-services/ for more details
-Please note that this SCF Security Assessment is a Basic Security Assessment, and it is NOT to be deemed a full Risk Assessment, Security Assessment, etc. Such services are available upon request and leverage https://securitystudio.com/
-Visit https://marbersecurity.com/scf for a sample report
-Post-deliverable review support falls under billable "Hourly Consulting Engagements"

DISCLAIMER: Please note this is not a Full Risk Assessment or Compliance Audit. This is a good first step for an organization that has never had a Cybersecurity Assessment.

Please let us know how we can help, and take advantage of our FREE Initial Consultation. Contact us to get started.