Building your Cybersecurity Program

Evolved Cyber Solutions applies the NIST Cybersecurity Framework (CSF) to help you develop and/or improve your cybersecurity program.  The CSF provides a common language for communicating information and decisions about security within all levels of an organization. 

We follow a 7-step process for establishing or evolving your security program:

Step 1: Prioritize and Scope. We work with you to identify business/mission objectives and high-level organizational priorities. We determine the scope of systems and assets that support the business.

Step 2: Orient. Once the scope of the cybersecurity program has been determined for your business, we help you identify related systems and assets, regulatory requirements, and overall risk approach. We then identify threats to, and vulnerabilities of, those systems and assets.

Step 3: Create a Current Profile.  We develop a Current Profile of your security environment by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved.

Step 4: Conduct a Risk Assessment. We analyze the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organization.

Step 5: Create a Target Profile. We create a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.


Step 6: Determine, Analyze, and Prioritize Gaps. We compare the Current Profile and the Target Profile to determine gaps. Next we create a prioritized action plan to address those gaps. We identify the resources necessary to address the gaps so that you can make informed decisions.


Step 7: Implement Action Plan. We support you through the implementation of the actions.


Building an Information Security Organization

To ensure that your security program is effective, ECS helps you establish an Information Security Organization (ISO) to serve your enterprise. 

First and foremost, ECS identifies the knowledge, skills and abilities (KSAs) required to implement and maintain your new ISO and strategy. These KSAs are tailored to your business to ensure the success of the ISO. ECS organizes these KSAs by function and position type, providing a comprehensive organizational strategy.

ECS works with your Human Resources to identify where information security work is currently being performed and by which positions. By identifying the existing organizational placement of the information security work, we can determine how much movement/reassignment is required to implement the new strategy.

Finally, ECS works with your Management and Human Resources to identify methods for addressing the gaps in KSAs required for implementation and support of the new ISO.  We provide ideas for training classes/programs, recruitment opportunities, and/or reassignment or redesign of existing positions.