
How to Achieve Your Target Cybersecurity Posture

Assess risk and identify gaps in your program with cybersecurity assessments.


Every company’s journey to become more secure is unique. The factors that may impact your target security profile include operating risk, unique operating workflows, policies, procedures, risk tolerance, and more.

Unfortunately, it is impossible to become 100 percent risk-free. The goal should be to establish a tolerable level of risk based upon your unique operating environments.

The journey to improve your industrial security strength, or posture, may seem complex, and for good reason. With many different methodologies, industrial standards, and available technologies on the market, the path forward may not be clear. You may wonder: "Where do we start?"

One way to begin this journey is through the use of security assessments. In its simplest form, a security assessment is a structured measurement of the security posture of a system or organization.

When used appropriately, assessments can be an extremely effective method to evaluate your current security posture, identify the gap between your current state and ideal target state, and lay out clear steps to achieve your target security posture.


Types of Assessments

The phrase "security assessment" can mean many different things, so it's important to properly scope the assessment based on the intent of the initiative. The most common types of assessments may each yield different findings that can impact the steps you take in your security program.

  1. Vulnerability Assessment: Identifies known vulnerabilities that exist within an environment, in an effort to put an action plan in place to remediate them.
  2. Gap Analysis: Identifies the gap between an organization's existing security posture and the ideal target state of its security posture. Gap analyses are typically performed against a corporate or industry standard and are intended to clearly define the steps required to achieve the desired target security posture.
  3. Risk Assessment: Provides a more holistic view of an organization's security posture. A risk assessment combines elements of a vulnerability assessment and gap assessment to identify and assess known risks against the risk tolerance of the organization and its ideal security posture.
  4. Security Audit: This assessment-based service audits an organization's security posture and practices against a given industry standard or requirements body, usually to help ensure compliance with standards such as NERC-CIP.

Bear in mind that while the above are common types of security assessments, it’s important to begin with an understanding of the intended objective prior to making a selection. This will be critical to help ensure proper expectations are both aligned and met, and the most effective assessment is selected to progress your cybersecurity program.

Be Realistic

When considering which type of assessment is right for your organization, remember that an assessment is a snapshot of one point in time. It should not be viewed as the sole solution to an organization’s security program. Rather, it is like a regular check-up to confirm maintenance, management, and technical controls are appropriate for your intended risk tolerance.

If you’re dealing with restricted budgets and limited resources and cannot perform an assessment across the entire organization, you may want to take a “representative sample” approach, which reduces the scope of the assessment to a portion of your organization that will offer a baseline.

Putting it all together

Security assessments can be effective tools to evaluate your current security posture, but they must be properly selected, scoped, and paired with a roadmap that lays out clear, actionable steps to achieve your target security profile. The right provider can help you with assessments and building a robust security program.


Published April 29, 2019

Topics: Cybersecurity

Quade Nettles
Product Manager for Cybersecurity Services, Rockwell Automation
Quade Nettles manages services associated with cyber security at Rockwell Automation. Quade’s primary responsibility is to develop the strategic roadmap for industrial cyber security services, which include consultative services like risk assessments and 24x7 managed support services. Since joining Rockwell Automation in 2012, Quade has held various positions with increasing responsibility in both technical and project management roles. Prior to his current position, Quade served as a Global Program Manager of a cyber security program. Quade holds a Bachelor of Business degree in Computer Information Systems from the University of Toledo and a Master of Business Administration degree from Cleveland State University.