Cyber Security Roadmap Assessments

A cyber security roadmap assessment is a comprehensive, evidence-based approach to developing a strategy to improve your organization's cyber security.

Within 4-6 weeks, you’ll have a set of prioritized cyber security initiatives that are tightly aligned with your organization’s operations, strategy, technology, and staff. These initiatives are designed to lower your risk of cyber attacks and enable you to demonstrate to prospects, clients, donors, beneficiaries, and other stakeholders that you take cyber security seriously.

At the end of the assessment, we’ll deliver a concise set of recommended initiatives, actionable security vulnerabilities, and details on suggested next steps.

Following the assessment, you can choose to implement the initiatives on your own, with an existing partner, or through partnership with RipRap Security.

Why Do You Need It?

  • Take an inventory of your organization’s cyber security gaps and existing capabilities

  • Understand the security posture of your key third party service providers and contractors

  • Demonstrate your current and planned cyber security capabilities to prospects and customers who are increasingly including cyber security requirements as a part of their contracts

  • Reduce the long-term cost of cyber security improvement efforts by having an improvement strategy made up of prioritized, defined-cost initiatives

  • Achieve greater buy-in from leadership and individual contributors for cyber security initiatives

  • Elevate the success rates of security initiatives to increase organizational resiliency against attacks

  • Align technology and security initiatives to support your organization as it grows. A unified IT/Security strategy leads to better outcomes and lower costs than buying security tools piecemeal without a broader strategy.

  • Lower cyber insurance premiums by having best practices in place

How Does It Work?

Three core components and one optional component make up the cyber security roadmap assessment:

  • Security Workshops

    We kick things off with security workshops with key organizational stakeholders and third parties, designed to evaluate your organization’s security posture compared to best practices that we’ve aligned to the NIST Cybersecurity Framework (CSF). This framework is used by organizations worldwide to design evidence-based cyber security strategies.

  • Staff Security Assessment

    The second element is a staff security assessment, designed to understand how prepared your staff are to identify and prevent cyber attacks. We conduct a phishing attack simulation, perform dark web monitoring of your organization’s email addresses, and provide a cyber security knowledge assessment to staff.

  • Productivity Suite Compromise Assessment

    The third element is a productivity suite compromise audit that uncovers active compromises in your Google Workspace or Microsoft 365 tenant and flags misconfigurations that pose a serious risk to your organization.

  • Optional: App Security Assessment

    For organizations that have custom applications, we also offer an optional assessment of the application and the software development supply chain. This assessment is designed to uncover vulnerabilities in both the application and the process used to develop the application.

At the conclusion of these three components, we deliver an interactive report alongside a briefing on findings and recommended next steps.

Who Is Involved?

  • The best outcomes require a cyber security champion at your organization. If your organization is large enough, the traditional security champion can be the CIO, CTO, or CISO. Otherwise, the security champion is typically someone who is at least at the director level. They may have other responsibilities in their role, but generally the cyber security champion owns IT-related activities. The cyber security champion helps us coordinate with staff across the organization as well as third party stakeholders.

  • Workshops with key leadership stakeholders are critical to help us align cyber security roadmap initiatives with the organization's strategic goals. Discussions with leadership are critical to provide insight into the organization’s direction and to help us ensure that security initiatives are not a roadblock to the organization’s operations.

  • We need to hold workshops with a handful of staff members who work in different parts of the organization and who use technology as a core part of their role. These conversations provide us insight into how different parts of the organization leverage technology to achieve their goals and help us understand the impact of security initiatives.

  • Third parties are another key group of stakeholders, and meeting with them is absolutely essential. Understanding your relationships with vendors, contractors, and other partners is critical to help us understand the risk to your organization from the third parties. We initially engage the third parties with a cyber security questionnaire to understand their security posture before holding a workshop with the key third parties to dig deeper.

What Are The Outcomes?

  • A clear, evidence-based roadmap that provides you specific recommendations for how to invest in cyber security improvements. Use it with us, with your own organization, or with another vendor. It’s standards-based and portable.

  • An understanding of the staff’s ability to protect your organization from attacks.

  • Detailed recommendations for improving the security of your productivity suite and guidance on what actions to take if your productivity suite is actively compromised by an attacker.

How Long Does It Take?

The cyber security roadmap assessment takes between four and six weeks, depending on the size of your organization, technology complexity, and number of third parties. 

How Much Does It Cost?

Pricing starts at $5,000 for small organizations and increases based on an organization’s size and complexity. Special pricing is available for nonprofits, B Corps, and 1% for the Planet members.

How Do I Learn More?