Though this client had an extensive enterprise information security program and team, they lacked a methodology for proactively managing cyber risk across enterprise IT. They wanted to establish a self-assessment methodology that would address their global requirements and demonstrate effective governance of their unique information risks to their internal and external stakeholders.
Jefferson Wells assisted in developing a common set of measures for managing cyber risk. Using a tailored version of our governance assessment methodology, leveraging recognized standards including NIST, COBIT, and ITIL, we evaluated the policies, processes, and controls needed to proactively address risks. Our delivery included a roadmap of pragmatic actions and suggested improvements that were leveraged to improve security governance and reduce overall organizational risk
By shining a light on the problem, Jefferson Wells exposed a significant number of gaps and opportunities for improvement in areas including:
cyber resiliency, and
By identifying improvement opportunities and program changes needed to reduce cyber risk, the client was able to achieve the desired level of information protection.