A large-scale energy manufacturer’s growth had outpaced their cybersecurity infrastructure. This company had expanded business lines and marketing capabilities, which led to an increasingly complex and hard to manage IT infrastructure that impeded security and compliance. Despite the ever-increasing complexity of both their infrastructure and threats to it, they were unable to increase headcount or reform policies to keep up, much less get ahead of the problem. Concerned that they were vulnerable to attacks that could compromise important data, this company needed outside help to define and tackle their cybersecurity issues. They needed security and compliance that didn’t sacrifice functionality.
- This company’s rapid growth resulted in inconsistencies in and changes to the corporate IT infrastructure, different approaches to IT asset management and cybersecurity, and expanded shadow IT
- Their increasingly complex infrastructure lacked cohesion, which in turn significantly hindered compliance initiatives.
- Frequency and complexity of threats, as well as the need to respond quickly, continued to increase without a corresponding increase in headcount to handle ongoing security and compliance tasks.
As longtime GDT clients in other areas of their business, they knew who to turn to for help. GDT’s Advisory Services experts conducted a security program assessment, which is an analysis of an organization’s cybersecurity program designed to help an organization determine whether or not it is effective, using the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guideline. This multi-phased assessment offered a thorough review of policies and security standards. Additionally, GDT was able to complete basic controls maturity ratings against the recently created Cybersecurity Maturity Model Certification (CMMC) DoD certification process. Gaps in coverage for NIST policy categories were identified and the company was able to address them quickly and effectively.
GDT collaborated directly with key company personnel to increase awareness of key security program issues. Once the NIST coverage gaps were identified and addressed, the company was able to enjoy measurable security and compliance improvements. Increased stability in security, governance, and compliance operations has allowed the company to focus on more strategic plans that further strengthen its cybersecurity program, and the company’s overall ability to resist or quickly mitigate cyberthreats to its operational effectiveness and corporate success was improved.
Six weeks for security program assessment
ABOUT GDT ADVISORY SERVICES
GDT’s Advisory Services team is comprised of the industry’s most tenured and talented IT professionals, who are dedicated to evaluating, guiding and enhancing customers’ IT organizations. No two customers are alike, which is why we guide each customer on a proactive, personalized technology journey that delivers measurable, consistent and sustainable results from discovery to deployment. GDT offers informative, hands-on advisory engagement and workshops that introduce companies to best practices, including IT transformation, risk mitigation, and infrastructure security.