Where does your security strategy stand? What are your biggest risks? Where should you focus your efforts? Rapid7’s Cybersecurity Maturity Assessment utilizes cybersecurity best practices and recognized cyber-frameworks to answer these questions surrounding your existing security program. While the Cybersecurity Maturity Assessment is particularly valuable to medium and large businesses, organizations of any size can benefit from it.
The goal of the Cybersecurity Maturity Assessment is to provide a view of your current security posture, an objective review of existing plans, and a guide to strategic planning. It will also help your organization develop tactical and strategic directions to further mature and strengthen your security program efforts. Not to be forgotten, aligning your security program with the best practices outlined in the assessment better positions your program to meet (and exceed) industry compliance standards.
Our experts are ready to help you get to know your security program—and learn how to improve it.
The Cybersecurity Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications, and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for each control area, as well as the organizational effectiveness and maturity of internal policies and procedures.
The Cybersecurity Maturity Assessment is typically performed against the Center for Internet Security (CIS) Top 18 Critical Security Controls, but can be tailored to align with several different cybersecurity control sets and frameworks based on your organization’s goals, industry, and maturity level. Additional control sets and frameworks we specialize in currently include:
Your assessment will be conducted by our resident Advisory Services experts, who average over 20 years of experience across different areas of security and compliance. This ensures your plan makes the most sense for your organization’s needs.
As part of the Cybersecurity Maturity Assessment, Rapid7 will also include a validated external vulnerability assessment (up to one external /24 CIDR range), validating critical and high vulnerabilities, as well as an electronic social engineering exercise. The electronic social engineering phishing exercise is performed for up to ten employees and utilizes a non-complex pretext to measure employee security awareness by attempting to capture credentials.
But what does the assessment actually entail? A Rapid7 Cybersecurity Maturity Assessment engagement is divided into three phases and consists of onsite interviews, remote phone or video interviews, a validated external vulnerability assessment, phishing emails, and a detailed review of policy documentation and operational procedures. Our goal is to be as efficient as possible, so you can help us by being prepared to answer questions that span people, process, and technology (with the focus being on people and process). We will get deep into the weeds talking architecture, strategy, risk, and roadmap to formulate a comprehensive view of your security environment.
The final output will consist of the following:
The report is intended to address areas with the highest impact and risk, and give your subject matter experts detailed information for implementation within your organization.