The report includes: a list of the most important bottlenecks and recommendations for improving the situation

Security overview: a quick way to get a comprehensive overview of your organisation's security posture

Change management: the report is an input for management to manage strategic changes

An interview with the client: a two-hour interview with the client and a report within three working days

Methodology: the methodology is based on generally accepted information security standards

Interview outcome: the outcome of the interview is a compact and visually easy-to-understand report

Comprehensive risk assessment

A cyber maturity assessment (CMA) by KPMG is a compact and comprehensive risk assessment of the client’s ability to protect its information assets and respond to cyber threats. A CMA is carried out over a relatively short time.

CMA is a unique service on the market. Not only does it provide a technical cyber security capability assessment but also an information security assessment of aspects affecting employees, processes and physical security. The assessment is based on a two-hour interview and enables our client to understand various security vulnerabilities of the company.

Visualization of the company’s current cyber security posture and its level of cyber maturity helps integrate the technical and business perspectives, allows complex information to be presented in a simplified form, and provides management with good input for managing strategic changes.

An overview of the most important bottlenecks

KPMG’s main motivation behind the creation of the CMA service was to help the client’s management map the general information and cyber security posture within a short time and using few resources, as well as provide an overview of the most important bottlenecks. CMA provides the company's management with the necessary input by describing, in order of priority, how resources should be planned in the future from the point of view of information and cyber security. This input makes it much easier for the company to decide whether they need to carry out additional IT checks and in what order.

The quality of the service is guaranteed by the methodology used and the experience of the professionals providing the service:

  • The CMA methodology is based on generally accepted information and cyber security standards as well as best practices – for example, on ISO/IEC 27000 series standards, NIST Cybersecurity Framework, CCS CSC, COBIT 5, etc.;
  • the service is performed by top cyber security experts with extensive experience – our experts have experience in international projects and hold internationally recognized professional certifications such as CISM, CISA, CRISC, CGEIT, ISO/IEC 27001 Lead Auditor, GSEC, GMOB, GCCC, GPEN, GWAPT, OSCP, CEH, etc.
Phases of the service

1. Pre-project communication: we send interview questions to the client and discuss the client's needs

We send the CMA questions (about 140 questions) in advance so that the client can prepare for the interview. Based on these questions, the client can involve all persons with the necessary knowledge. We will then schedule a specific time for the interview.

2. Interview with the client (approx. two hours)

The interview with the client is relatively intensive. We go over all CMA interview questions.

3. Analysis and evaluation of the responses given during the interview (approx. three working days)

KPMG specialists analyse the responses given by the client and give assessments on the relevant focus areas based on the CMA methodology. The combined assessments on focus areas form the CMA aggregate score.

4. Creating a report and presenting the results to the client

The report highlights the most important bottlenecks and, in order of priority, the necessary actions that need to be taken to improve the situation (with indicative estimates of the required resources). The results are formalised in the CMA report and delivered to the client within three working days. The report is presented to the client in a face-to-face meeting.

Making the assessment

Individual scores are calculated for each focus area as a percentage, with the highest possible score being 100% and the lowest 0%. The aggregate score is divided into four different levels: ‘very good’ (90–100%), ‘good’ (75–89%), ‘satisfactory’ (60–74%), and ‘with deficiencies’ (0–59%).

Each focus area is further divided into sub-areas (for example, the focus area of protection has sub-areas such as "Secure configuration of hardware and software", "Malware prevention", "Data protection" and many others). In addition to the focus areas, the client also gets an overview of the assessment of various sub-areas.

Additional information

As a rule, the interview with the client takes place in the Microsoft Teams environment, but we are also available to conduct the interview in a physical location chosen by the client.

We would like to emphasize that the CMA is intended to be the first step in mapping the institution's information and cyber security bottlenecks, and it does not replace classic IT audits, IT risk assessments and penetration tests.

Outcome of CMA service

The outcome of the CMA service is a compact and visually easy-to-understand report (both in Estonian and English), which contains:

  • the aggregate score of cyber maturity (0–100%)
  • the individual scores achieved in CMA focus areas: planning, protection, detection, response and recovery (0-100%)
  • the most important bottlenecks and their descriptions
  • recommendations for improving the situation
  • indicative assessment of the resources needed to improve the situation
  • the comparison of the company’s aggregate score with that of companies in the peer group

Provide a safe and sustainable business environment for your company! We will help you build a resilient and reliable digital world, even in the face of changing threats.

KPMG Baltics OÜ

+372 626 8700
itaudit@kpmg.ee
Ahtri 4, 10151 Tallinn, Estonia

HR assessment 

HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.


Threat assessment

Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.


Maturity assessment

Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.
