A local branch of a global Insurance company was subjected to an audit from their mother company. The audit showed that the level of security maturity that was lower than the target ambition. As a result of this, the local branch expressed a wish to migrate their cloud solution to a hosting provider, ascertain and improve their level of security maturity to an appropriate level, and, in parallel, mitigate the findings of the audit report.
The client had grouped their security needs and assigned each of these a target “Common Maturity Model Integration” CMMI score for security maturity. As the cloud solution of the Client was moved to their chosen hosting provider, we established metrics based on the (CMMI) model in order to be able to ascertain the “as-is” for the various groups. We then compared these to the wished-for “to-be” as expressed by the Client. To further help with the measuring by making it more fine-grained, we mapped the Clients wishes, expressed by a CMMI score, to the areas and controls of the CIS18 Framework. The improvement of the maturity level of the various groups were then scheduled according to the mitigation dates of the (related) audit findings, in order to run both things in parallel.
- Mapped the grouping of demands as set by the client to the CIS18 areas
- Further refined the above mapping to include CIS18 controls
- Mapped the grouping of demands as set by the client to align with the mitigation of the audit findings
- Scheduled the improvement of the security level for the various groups to best support the above
WE WOULD LOVE TO HEAR FROM YOU!
Contact us if you would like to discuss any projects you feel we can help with.