As a required part of the Texas Cybersecurity Framework, security assessments are an ongoing element of security programs. A security assessment can give government organizations an accurate understanding of needs, but without a risk lens, it can be difficult to focus attention on the most critical issues and gaps that the assessment identifies. A clear risk focus can ensure that assessment findings, audits and other control evaluations can be used to chart an efficient and effective course towards improving security posture and executing on strategic objectives. The result is less overspending and greater advancement towards improved cybersecurity posture.

 

Too often a security assessment only produces a tactical to-do list instead of addressing risk and suggesting a strategy. As a result, the team is left with only the means to fix symptoms instead of creating the strong security posture needed to advance the security program’s maturity and capabilities. Even more commonly, an assessment only results in the purchase of more tools, software and equipment without defining a strategic approach that truly defends against attacks and threats aimed at the organization.

 

In this session attendees will learn how to connect assessment issues to the key elements of risk. They will also discover how to leverage the assessment beyond a list of actions into a prioritized strategy that enables them to carefully align limited resources for optimal results. Participants will learn: