
Security Capability Assessment

Building trust in your business

This offer is a key step toward raising your security to the level needed to support the business's compliance obligations and protect its reputation.

IT Security audits are needed now more than ever. Addressing gaps in Information Assurance & Cyber Security capabilities is not just a compliance matter; in the digital economy, it’s a trust factor for clients, investors, vendors and partners. Bridging gaps in legislative and regulatory compliance influences trust in your business.

The need for security assessments can arise in several scenarios, such as strategic/tactical improvement, external compliance audits and customer audits.

 
Establish awareness of capabilities and compliance maturity

The purpose of a Security Capability Assessment is to:

  • Establish coverage and maturity level for a given security capability or set of capabilities that comprise an Information Assurance & Cyber Security practice.

  • Provide you with the knowledge and roadmap to bridge gaps and improve your business’s ability to protect assets and achieve compliance obligations.

Engagement Scope

The engagement can comprise one or more scope items covering a range of capabilities that collectively represent the Information Assurance & Cyber Security spectrum, along with the specific compliance standards the business is expected to meet.

DVL can work with your team first to identify your business ecosystem, and second to scope the maturity of the capabilities (and associated compliance standards) in the context of that ecosystem. The scope areas for an assessment are:

  • Governance Risk & Compliance (GRC)

ISO27K, policies, Data Security Life Cycle (DSLC), CSA etc.

  • Attack Surface Analysis (ASA)

Internal/external discovery of intel, people, process & technology

  • Cyber Threat Intelligence (CTI)

Strategic, Tactical and Operational consumption & generation

  • Vulnerability Threat & Risk Management (VTR)

Threat assessment process, vulnerabilities analysis, risk methodology

  • Security Assurance

Engagement, method, changes, product, system design, SW engineering

  • Security Architecture

Engagement, framework, patterns, process, CSA standard, tools and governance

  • Application Security

OWASP SAMM, ISO27034, SANS 25, SAST/DAST tooling

  • Data Privacy

Engagement, GDPR, HIPAA etc.

  • Cyber Defence

Engagement, framework, tooling, NIST, ISO27032, etc.

  • Security Controls Framework (SCF)

Adoption, application, mapping CIS 20, ISO27001:2013, tools

  • Third Party Assurance

Policy, engagement, method, Risk Management

  • Protective Monitoring

Engagement, policy, Log management, tools, Analysis, analytics, alerting

  • Incident Response

Integration, process, communication, roles & responsibilities

  • Enterprise Management

Patching maintenance, Standard Operating Procedures (SOP), assurance
