By Madison Iler   /   Jun 1st, 2018

The Fundamentals of Cybersecurity: Setting Up Your Cybersecurity Program

At LMG Security, we often hear from organizations who are in the early stages of setting up a cybersecurity program, and they are looking to us to help them figure out a logical roadmap.

We recommend a security controls assessment, where LMG consultants evaluate a client’s overall security program to get a picture of their current security posture and identify areas where improvements are needed. Then our recommendations can be used for the client to plan their path forward.

To perform this type of assessment, LMG decided to develop a list of “Security Fundamentals” that an organization should put in place as a starting point for developing a security program. We know that organizations can’t address every gap and set up a lot of new tools and processes at the same time, so we want to provide high-value, realistic, actionable first steps to get you started in the right direction.

A team of LMG consultants used our knowledge of widely-used frameworks and our general familiarity with security threats and best practices to identify 10 key activities we think are essential.

Security Fundamentals Key Activities

Ownership & Management Confidentiality
Asset Management Availability & Continuity Planning
Software Lifecycle Management Network Security
Training Detection & Investigation
Access Control Continuous Monitoring

Then we developed a short list of action items for each Key Activity. For example, The Access Control Key Activity requires technical access controls, consistent access control processes, and multifactor authentication for remote access.

Client feedback on this starter approach has been excellent! Contact LMG today to talk about how LMG’s Security Fundamentals can help your organization focus on the most important and impactful security controls to from a strong base for your security program.

About the Author

Madison Iler

Madison is LMG’s Chief Strategy Officer. She assesses organizations’ compliance with regulatory requirements such as HIPAA, and assesses the strength of their security program and overall security posture using widely-accepted frameworks such as the NIST Cybersecurity Framework. She previously served as a Senior Network Security Engineer for Lockheed Martin in support of the National Science Foundation, Security Engineer for SecureInfo, and Security Compliance Analyst for Raytheon Technical Services. Prior to moving into IT security, Madison worked in IT operations. She has also worked as a management consultant with McKinsey & Company. Madison earned her BA in Economics from the University of Colorado and her MBA from MIT’s Sloan School of Management. She holds her CISSP and HCISPP security certifications.

CONTACT US