Achieving Security Program Alignment with the NIST Cybersecurity Framework
ScottMadden has helped a number of utilities adopt and implement the NIST Cybersecurity Framework. Contact us to learn how we can help support your cybersecurity projects.
At a Glance
Enterprise-Wide Collaboration
Engaged stakeholders and cybersecurity experts from throughout the enterprise to develop a risk-driven, industry-aligned cybersecurity program
Risk-Based Controls
Integrated a comprehensive set of risk-based controls tailored to the environment
Leading-Edge Program Development
Developed a program aligned with a leading-edge industry framework that can be used to communicate security posture and drive ongoing improvements
Challenge
A large energy provider desired to develop a best-in-class security program and meet industry security expectations by aligning with the NIST Cybersecurity Framework (CSF). The client’s existing security program was exclusively aligned to a previous standard and needed updated controls. ScottMadden helped identify gaps and develop necessary controls to create a program fully aligned with the CSF.
Process
- Utilized a collaborative approach to build consensus and ensure stakeholder engagement and alignment with the changes to the security program
- Facilitated workshops to help key personnel provide significant input into the development of controls, establishment of governance, and development of implementation and communication plans
- Defined governance and oversight responsibilities for each control to facilitate implementation of the revised security program
- ScottMadden organized the security program across core security functional areas to instill ownership and document accountability
Result
- Integrated a comprehensive set of risk-based controls tailored to the environment
- Established a consolidated security controls program inclusive of all important enterprise assets
- Developed a program aligned with a leading-edge industry framework that can be used to communicate security posture and drive ongoing improvements
- Engaged stakeholders and cybersecurity experts from throughout the enterprise to develop a risk-driven, industry-aligned cybersecurity program
Related Insights
Managing Information Security Risks in a Shared Services Organization
Case Study
ScottMadden partnered with a multifunction shared service organization (SSO) in the entertainment industry to assess its security practices. This case study reviews managing information security risks in…
Operational Technology Service Delivery Model
Case Study
A midsize southwestern utility’s operational technology (OT) division needed help maintaining and improving operational area responsiveness to keep pace with industry changes. ScottMadden was engaged in helping…
Cybersecurity Operational Technology Program Development
Case Study
A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment.
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.