Cybersecurity capabilities management service

To answer the question 'How are we in cybersecurity?' It is always a challenge for those responsible within any organization.

While other areas have metrics and indicators easily recognizable by everyone, it is not easy to convey what the level of security of a service, a system or an entire organization is.

The capacities management service allows to solve this challenge, taking advantage of the characteristics of the rating methodology and the various evaluation methods available to be adapted to different situations. This service it's useful, among others, for this use cases:

  • To define a security plan. Carrying out an evaluation of the current capacity level and defining an objective level based on the criticality of the evaluated environment.
  • As a reporting tool, to inform and compare the level of cybersecurity in different environments, business units or even group companies.
  • As part of a scorecard, to inform Senior Management of the existing cybersecurity level.
  • As a decision tool to identify weak points in our system in which it is necessary to invest our cybersecurity budget.

Objective evaluation scale

Thanks to the structure of the LEET Security methodology that includes the desirable practices for each of the cybersecurity capabilities, an objective assessment scale is generated that makes the results of the evaluations comparable both between scopes and over time. Thus eliminating the value judgments and the differences of criteria inherent in other evaluation mechanisms.

Flexible evaluation mechanisms

Not all use cases require the same level of rigor in measuring the level of capabilities. We do not use the same resources for making an annual plan as for preparing a quarterly scorecard.

So, having different evaluation mechanisms, provides a necessary flexibility, so we can use an array of different services, from a self-evaluation (available on-line, thanks to EQualify) to an exhaustive and rigorous audit (Private qualification), passing through an intermediate system of documentary evaluation (Assessment).

Results come in executive language

Communicating the results is key in this type of exercise. Therefore, this service provides the results in clear and concise language that can be interpreted by non-experts (the scales used by rating agencies are very close to the language of Senior Management), but also by technical experts. For these, the detailed result is provided for each of the 350 capacities evaluated grouped in 73 sections and 14 domains.