Security Controls Assessment and Implementation
ScottMadden designed and implemented a single, comprehensive information security framework following a merger of two large U.S. energy companies.
Organizational Alignment
- Aligned customer expectations, industry norms, and core business requirements
Operational Efficiency
- NIST Cybersecurity Framework and C2M2 maturity indicators adapted and applied for a simple control framework
Modernized Systems
- Streamlined, harmonized, and modernized more than 800 archaic security controls into 25 enterprise-wide policies
Challenge
Two large U.S. energy companies merged and needed to standardize their security controls across the newly consolidated enterprise. Simplifying the security controls for a broader footprint with clear ownership and accountability was a key target objective.
Process
- Established a simple control framework using the NIST Cybersecurity Framework augmented with maturity indicators from the Cybersecurity Capability Maturity Model (C2M2)
- Identified owners for each control area and key control performers from all business units
- Assessed organization’s maturity of control performance through surveys and interviews
- Identified key gaps in control performance and recommended remediations
- Conducted security controls workshop for control owners and established peer groups to define future state of security controls
- Collaborated with enterprise leadership to support consolidated future state controls
- Implemented periodic control assessment process to ensure regular performance and gap analysis
Result
- Harmonized and modernized more than 800 archaic security controls into 25 enterprise-wide policies
Related Insights
Information Security Program Development
Case Study
ScottMadden developed, documented, and supported the implementation of a multidivisional information security program for a specialized utility service provider.
Data Privacy Program Development
Case Study
ScottMadden developed a program to protect mission-critical data and comply with federal and international regulations.
Cybersecurity Risk-Based Business Plan
Case Study
ScottMadden supported the preparation and planning of a cybersecurity framework and effectively communicated with multiple stakeholder groups the benefits the business could expect to see.
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.