Triple EEE

Experience, Expertise, Excellence

Summary – NIST Security Assessment

Triple EEE IT Services will assess the security and compliance capabilities of your organization against the de-facto industry standard of the US National Institute of Standards and Technology (NIST) Cyber Security Framework. The NIST framework covers risk identification, asset protection, incident detection, response, and recovery. The assessment delivers a clearly structured report and is inval-uable input to your risk posture, your cyber strategy, and your cyber capability roadmap.

Value Proposition

Cyber security and legal compliance are critical capabilities for any organization in the light of ever evolving cyber threats and increasing regulatory pressures.  Oil & Gas organizations have traditionally seen an above average exposure to cyber threats, given their geopolitical position. The required capabilities to effectively defend the organization are wide ranging and complex. 

A NIST assessment of your capabilities will provide you with a clear benchmark against the NIST cyber security framework , the de-facto industry standard, and will provide invaluable insights for governing your security and compliance capabilities. 

Approach

The assessment will be conducted through a review of your risk matrix, technical and process documentation, Cyber Security governance,  interviews with stakeholders inside and outside your security and compliance function, and – optional – technical assessments and penetration testing of (parts of) your IT environment.

Resourcing

The assessment will be carried out by deep experts with a minimum of 15 years relevant experience in governance, operations, and relevant technologies in the Oil & Gas Industry. The optional technical assessments will consider the latest tactics, techniques and procedures used by your adversaries.

Timelines

The effort of the assessment depends on the depth of the review and the scope of your environments being assessed. Paper assessments (including interviews) can be conducted from an effort of 15 man-days. Assessments including technical work will require a minimum of 30 man-days.

Deliverables

The assessment will produce one or more reports depending on the scope.  The reports will propose improvements based on priority. The service delivery will be concluded with a read-out of the reports to your stakeholders, and a joint evaluation of the delivery.

Options

The scoping of the assessment will consider which lines of business to include, the number of documents to review, the number of stakeholders to interview, the number of systems to technically assess (including Industrial security if required), and the potential inclusion of third-party security reputation scores.  Scoping is determined as part of the service intake process and is followed by a specific service proposal for agreement.

Information

For more information about this service please contact us through the Client Enquiry Communication form n this site, or send an email to Hugo Cerutti from Triple EEE IT Services at hc@triple-eee.com .

Reference:

EEE-S-IT-004

© 2021 Triple EEE Management Support