Cybersecurity Risk Assessment

The client needed a centralized view of their cybersecurity posture and risk to be able to demonstrate compliance with regulatory requirements. Additionally, the client needed a roadmap to demonstrate how they would address any unacceptable risks as part of compliance reporting.

Project Information

Client: Regional Healthcare Provider (~2,500 Employees)
Date: January 1, 2022
Category: Risk Assessment

How this Project works

Hale Consulting Solutions LLC was engaged to assist with the following:

Assess Enterprise Risk

Using the CIS Risk Assessment Method (RAM), we conducted interviews and evaluated the client's responses to assess the organization's inherent level of risk, risk tolerance, and specific levels of maturity against the 17 Controls and 55 CIS Safeguards that comprise IG1.

Identify Mitigating Safeguards

For each safeguard that was determined to have an “unacceptable” level of risk associated with it, we worked with the client, using the CIS recommended safeguards as a guide, to identify the safeguards that could be implemented to bring the level of risk to an “acceptable” level.

Additionally, for each recommended safeguard, we worked with the client to estimate the approximate cost and timeframe required to implement that safeguard.

Develop a Remediation Roadmap

Using the recommended safeguards, costs and timeframes, along with the relative priority (determined by level of maturity or risk), we developed a 3-year roadmap for remediation that incorporated organizational constraints (budget and resource availability).

Case Studies

Project Result & Benefits of Project

  • Increased awareness of cybersecurity risk and risk categories across the organization
  • Identified and prioritized risks by relative risk level, cost and level of effort for remediation
  • Developed a 3-year roadmap to address “unacceptable” risks based upon organizational priorities and constraints
“Trust in the digital business age is every bit as important as actual service delivery. Few things impact a company’s brand more than a badly handled data breach or prolonged service outage.” - Hugh Callaghan