Computer Security Incident Response Team
Cybersecurity Insights
Mossé Security

Information Security Maturity Assessment

We have extensive experience delivering Maturity Assessments against a range of information security standards, such as:

  • PCI DSS
  • ISO 27001
  • COBIT 2019
  • NIST Cybersecurity Framework
  • ASD Essential 8

Maturity Assessment Methodology

The following diagram shows Mossé Security's workflow when delivering information security maturity assessments:

Mossé Security's Information Security Maturity Assessment methodology is used when delivering maturity assessments against standards PCI DSS, ISO 27001, COBIT 2019, NIST Cybersecurity Framework, ASD Essential 8.

Click on the diagram to open a larger version.

Key Achievements

  • In 2019, Mossé Security was engaged by a Victorian state department to perform a Maturity Assessment of their IT systems against the ASD Essential 8. Our Team used a combination of user interviews, surveys, vulnerability scanning, Active Directory configuration analysis, and policies and procedures reviews to establish the maturity and compliance level of the organisation. Our Team discovered gaps; areas where the customer thought they were less mature than the reality of our findings. We proposed low-impact changes that would significantly improve the security posture of the organisation and its compliance level to the Essential 8. The following deliverables were produced: a Gap Analysis (including a Controls Assessment), a Strategic Roadmap, a Risk Mitigation Plan, an Action Plan, and a Training Plan. We continue to provide advice to the customer on a regular basis to help them implement our recommendations and communicate with both internal and external auditors.
  • In 2020, a company listed on the ASX200 engaged Mossé Security to perform a Maturity Assessment against the NIST Cybersecurity Framework. We began by reviewing the organisation’s “Current Profile” to gain an appreciation of why it focused on certain controls whilst ignoring others. In some cases, we challenged the customer’s analysis and convinced them that some areas required a different approach. We then developed a “Target Profile” in collaboration with their internal IT security teams. This allowed to us shape a common vision on the maturity level that they wished to reach based on their industry profile, threat landscape and business objectives. A number of gap analysis techniques were used ranging from user interviews, reviewing penetration testing and vulnerability assessment reports, analysing incident cases, and reviewing policies and procedures. In many instances, the PRISMA model was used to describe the maturity of the Core Five Functions.

Our Certifications

Our team undertakes 2,000+ hours of pre-deployment training per year. Here are some of the certifications we hold and maintain:

Cybersecurity Certification - Mossé Cyber Security Institute MGRC Certified GRC Expert Certification
Other services you may be interested in:

Free Project Consultation, Scoping and Quote

Call us on 1300 730 035 or submit the form below
Mossé Security's team of cybersecurity experts are ready to deliver cybersecurity professional services to your organsiation.
About Us

Mossé Security serves governments, the corporate sector, and security-conscious individuals with world-class cyber security solutions and strategic security consulting. We operate around the world and our head office is located in Melbourne, Australia.

Offensive Services
Defensive Security
Insights
© 2010 - 2022 Copyright Mossé Security