The value of a prior security assessment

Implementing a cybersecurity solution in your organisation is a good start, but it has to be in line with your real needs.

Grégorio Matias

Basing decisions on sales presentations is counter-productive

These days, many organisations, large and small, tend to base their decision to adopt an IT security solution on what are, often, very convincing presentations from certain manufacturers, some of whom are highly unscrupulous. I've had clients/prospects tell me that manufacturer X has contacted them with the offer of a firewall that will make them compliant with the NIS2 standard... All lies of course!

However, although the decisions taken by these organisations are generally based on common sense, they are not always the best way forward. This is down to two main reasons:

  • The solutions deployed are not attuned to the needs of the business AND the risks acceptable to the organisation's management.
  • The solutions deployed are often not a priority.

 

Solutions in line with business needs

Cyber security involves putting in place technical and organisational measures to take the risk down to a level that is acceptable to decision-makers. It is therefore essential to start with this first point, which is often overlooked by most organisations. Answering the question "what risks are acceptable?" is a complex task, and one that is directly linked to the organisation's business.

For example, when performing an audit, I came across an IT department that had implemented a virtualization-based redundancy solution (high availability), complete with a SAN and hosts. Naturally, this kind of solution comes at a cost. The aim was to ensure automatic failover and a very high level of availability for the infrastructure.

However, after asking the relevant questions, it emerged that the organisation's managers were prepared to accept several days' downtime for the entire IT system. Confidentiality of information, however, was a critical point for them. This is when it became obvious that the solutions deployed did not cut the risk to the desired level, and that not enough budget was left over to achieve this objective.

 

Integrating best practice at MCG

That’s why, at MCG, we always integrate best practices into our Cyber Audits. We systematically factor in the actual requirements of the business and the risk perception of the organisation's management before rolling out a solution. This allows the resulting recommendations to be tailored to the business and prioritised accordingly.
