We have extensive experience delivering Maturity Assessments against a range of information security standards, such as:
PCI DSS
ISO 27001
COBIT 2019
NIST Cybersecurity Framework
ASD Essential 8
Maturity Assessment Methodology
The following diagram shows Mossé Security's workflow when delivering information security maturity assessments:
Key Achievements
In 2019, Mossé Security was engaged by a Victorian state department to perform a Maturity Assessment of their IT systems against the ASD Essential 8. Our team used a combination of user interviews, surveys, vulnerability scanning, Active Directory configuration analysis, and reviews of policies and procedures to establish the organisation's maturity and compliance level. Our team discovered gaps: areas where the customer believed they were less mature than our findings showed. We proposed low-impact changes that would significantly improve the organisation's security posture and its compliance with the Essential 8. The following deliverables were produced: a Gap Analysis (including a Controls Assessment), a Strategic Roadmap, a Risk Mitigation Plan, an Action Plan, and a Training Plan. We continue to advise the customer on a regular basis, helping them implement our recommendations and communicate with both internal and external auditors.
In 2020, a company listed on the ASX200 engaged Mossé Security to perform a Maturity Assessment against the NIST Cybersecurity Framework. We began by reviewing the organisation's "Current Profile" to understand why it focused on certain controls whilst ignoring others. In some cases, we challenged the customer's analysis and convinced them that some areas required a different approach. We then developed a "Target Profile" in collaboration with their internal IT security teams. This allowed us to shape a common vision of the maturity level they wished to reach, based on their industry profile, threat landscape and business objectives. A number of gap analysis techniques were used, ranging from user interviews to reviews of penetration testing and vulnerability assessment reports, analysis of incident cases, and reviews of policies and procedures. In many instances, the PRISMA model was used to describe the maturity of the five Core Functions.
Our Certifications
Our team undertakes 2,000+ hours of pre-deployment training per year. Here are some of the certifications we hold and maintain: