Security Maturity Assessment
Important
The service listed above is only available to any customer for whom IMR was quoted on or before March 31, 2022, and that customer executed a Transaction Document for the IMR within 90 days of the quote. By selecting this Service, Customer acknowledges and agrees that, notwithstanding anything to the contrary set forth in Customer’s agreement with Secureworks, Secureworks may subcontract these Services to Insight Direct USA, Inc., provided that Secureworks will remain responsible for the performance of the Services to the same extent that it would be liable for its own acts or omissions.
Service Overview
Secureworks will assess your cybersecurity program and cybersecurity risk management practices as related to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, version 1.1.
Service Methodology
During the scheduled time period, Secureworks will conduct interviews with your team members as applicable (e.g., team members involved in your security program), and conduct other activities related to reviewing your security program.
The assessment is comprised of six key activities:
- Prioritize and Scope: Identify business/mission objectives and high-level organizational priorities
- Orient: After the scope of the cybersecurity program has been determined for the business line or process, identify related systems and assets, regulatory requirements, and overall risk approach
- Create a Current Profile: Develop current profile by indicating which cybersecurity outcomes from the NIST Framework Core categories and subcategories are currently being achieved
- Conduct a Risk Assessment: This assessment is guided by your overall risk management process or previous risk assessment activities; analysis of the operational environment is conducted to discern the likelihood of a cybersecurity event and the impact that the event could have on you
- Create a Target Profile: Develop target profile that focuses on the assessment of the framework categories and subcategories describing your desired cybersecurity outcomes
- Determine, Analyze, and Prioritize Variances: Compare the current profile and the target profile to determine variances; develop a prioritized action plan to address variances (reflecting mission drivers, costs, benefits, and risks) and achieve the outcomes in the target profile
Outcome
Secureworks will provide you with a report. The report will contain both a current and target profile, risk analysis outlining the requirements applicable to your organization, an action plan to address variances between your organization's current and target profiles, a cost/benefit analysis for existing risks and remediation, and guidance about planning for future cybersecurity activities and risk management. In addition, you will receive an overall ranking of your program as compared to the Capability Maturity Model (CMM) scores (Levels 1-5).
Scope and Service Units
Scope | Description | Service Units |
---|---|---|
Small | 1 physical location to be visited | 40 |
Medium | Up to 2 physical locations to be visited | 44 |
Large | Up to 3 physical locations to be visited | 48 |
Scheduling and Booking Information
See Service Scheduling for information about scheduling this service.