Our Cyber Exercise Program Assessment evaluates program activities and documentation to identify areas for improvement.
The foundation of the assessment is ‘NIST SP 800-84, Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities’ and the ‘Homeland Security Exercise and Evaluation Program (HSEEP)'. Remaining practices have been developed by Gideon Rasmussen based on 20+ years of cybersecurity experience within corporate and military organizations.
Areas of focus include:
Deliverables include an assessment report and a slide deck presented to executive leadership.
Having an Incident Response Plan is a first step. The team needs to exercise the plan. That helps prevent an incident from becoming a data breach. As Mike Tyson said "Everybody has a plan until they get punched in the mouth". It's critical to be prepared for modern-day threats and adversaries.
Fees and Payment
The assessment is billed at a flat rate. The engagement begins once the Statement of Work and Contract are signed and upon receipt of the first of three equal payments.
SOW and Contract Execution
First Assessment Interview
Delivery of Draft Report
- Security Awareness Manager at a Financial Institution
Custom assessments may be conducted based on the needs of the client. Here are examples:
|Application Security||Vendors and Service Providers||Cybersecurity Program||Ransomware|
|Business Process Risk||Incident Response||Line of Business Risk||FMEA Process Risk|
|Security Operations Center (SOC)||Fraud Prevention||Insider Threat||Security Awareness Program|
|Mergers and Acquisitions||Infrastructure Security||Zero Trust Security Model||Threat Landscape and Controls|
|Cyber Exercise Program||Penetration Test Program||Cybersecurity Function||Agile Security Testing|