Whether you are starting out on the journey to implementing security controls, or are already a long way down the track, you will know the dark truth: it's hard. But it's your job, and it's no more difficult or complex than any other business challenge you face on a daily basis.
Ask yourself some basic questions:
- Do I have the data I need?
- How can I keep track of all of these dashboards and spreadsheets?
- How do I get everyone on the same page?
- How can I see the forest when all I see is trees?
The CGS™ approach recognizes all of these issues and more. Implementing the security controls is achievable when you're using the right tool and methodology.
What matters is keeping it simple, focusing on what drives real security value, and having a clear map for how to get to each stage. Security controls can appear complex, yet some of the most basic ones can have the greatest impact on security levels. The issue we see most is in translating controls from a policy document to an active way of working to secure the enterprise. The CGS approach starts with the basics and creates an incremental and executable journey to greater levels of security control implementation. If you have the data, CGS™ will make it more valuable by presenting it to the right users at the right time. If you don't have the data, CGS will highlight gaps that are critical to security, and provide you with the business case for why you need the data. CGS is based on the control standards that you choose (we are control agnostic - we can support CIS Critical Security Controls, ISO 27001, NIST SP 800-53, UK Cyber Essentials, PCI , or any other standard that you use, including any in-house ones you have developed). We guarantee that we can get you started on the journey, and give you greater visibility faster than you thought was possible.
Don't sleep on basic, boring security practices. It is still apparent that not all organizations are getting the essentials right.
Verizon 2015 Data Breach Investigations Report