Comprehensive Information Security Program Management without the Guesswork.
Research shows CISOs are often hampered by inadequate strategy, resources, communication, and executive trust (CPA Practice Advisor, August 25, 2015). These management problems are solved with a MAPP: a Maturity Assessment, Profile and Plan focused on strengthening process maturity. Now assisted by a groundbreaking SaaS called TrustMAPP℠, the MAPP method is a repeatable, reliable, and robust management method that saves time and costs.
TrustMAPP Builds a Maturity-Based Security Program in 3 Steps:
Assess – Processes derived from regulatory requirements and industry frameworks are measured using six maturity attributes from COBIT, and each attribute is scored on a maturity scale of one through five. This measurement is rapid and repeatable using pre-built assessment templates configured to the NIST Cybersecurity Framework and ISO 27001, as well as industry-specific regulations such as GLBA, HIPAA, PCI DSS, FFIEC, FISMA, and SOX.
Profile – The maturity of each business process is scored using six dimensions of maturity adopted from COBIT: awareness, policy and procedures, automation, expertise, accountability, and measurability. Multiple streams of assessment data are transformed into meaningful visual summaries of security status and investment needs for effective communication with executives and boards. Perform trending analysis and see process improvements over time to represent ROI to executive stakeholders.
Plan – Pre-populated recommendations for information security improvements are prioritized by highest business impact and delivered with resource hours and capital cost estimates—forming the foundation for strategic plans and budgets that advance maturity goals and improve cyber security posture. TrustMAPP empowers leadership with a clear picture of the organization’s cybersecurity posture, including trending analysis, planning and budgeting, and built-in support for multiple frameworks.