The report outlines major vulnerabilities as well as suggestions for remedying the situation.
A quick way to get a comprehensive overview of your organisation’s security.
The report is an input for management to manage strategic changes.
A 2-hour interview is conducted with the client and a report is delivered in 3 business days.
The methodology is based on generally accepted standards in the field.
The output of the interview is a compact report that is visually easy to understand.
KPMG’s information security and cyber maturity assessment (CMA) is a quick, compact and comprehensive risk assessment of the level of protection of the client’s information assets and cyber threat response capabilities.
The CMA is a unique service on the market which, in addition to assessing technical cyber security capability, allows to provide, on the basis of a 2-hour interview, an information security assessment of the processes and physical security as well as aspects to do with the employees, in order to enable our client to understand the various security vulnerabilities that affect the company.
Visualisation of the current state and maturity level of information security and cyber security helps link the technical and business perspectives, enables the presentation of complex information in a simplified form, and provides management with good input for managing strategic changes.
The main motivation behind creating KPMG’s CMA service was to develop a service that would help management map the overall state of information security and cyber security in the company in a short time and with limited resources, and provide an overview of major vulnerabilities. As a result of the CMA, management receives the necessary input which describes, in order of priority, how resources should be planned from the perspective of information security and cyber security. Based on this input, it is much easier for the company to decide whether additional IT checks should be carried out and in what order.
The quality of the service is ensured by the methodology used and the experience of the specialists providing the service:
We send the CMA questions in advance so that the client can prepare for the interview (about 140 questions). Based on these questions, the client can involve all persons with the necessary knowledge. We will then schedule a specific time for the interview.
We conduct a fairly intense interview with the client and go through all the CMA interview questions.
KPMG specialists analyse the client’s responses and provide assessments of the relevant topics on the basis of the CMA methodology. The overall CMA score is calculated by combining the ratings for the topics.
The report outlines major vulnerabilities and, in order of priority, the actions to be taken to remedy the situation (together with an estimation of the resources needed). The results are formalised in a CMA report delivered to the client within 3 business days. The results of the report are presented to the client during a meeting.
Each topic is rated on a percentage scale, where the highest possible rating is 100% and the lowest is 0%. In addition, the percentage scale is divided into four performance-based categories: excellent (90–100%), good (75–89%), satisfactory (60–74%), and deficient (0–59%).
Each topic is further subdivided into sub-topics (for example, the “Defence” topic uses sub-topics such as “Secure configuration of hardware and software”, “Malware prevention”, “Data protection”, and many others). In addition to the main topics, the client can also see the ratings of various sub-topics.
As a rule, the interview with the client takes place in the Microsoft Teams environment, but we are also ready to conduct the interview at the physical location chosen by the client.
Please note that the CMA is intended as the first step in mapping the information security and cyber security vulnerabilities of an organisation and it is not a substitute for a traditional IT audit, IT risk analysis or penetration testing.
CMA The output of the CMA service is a compact report in Estonian and in English which is visually easy to understand and includes:
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.