What is SMaaS

Ongoing assessment and remediation to identify and protect your business objectives. We meet with your enterprise, Information Systems, departmental and compliance stakeholders to comprehend your attack surface - people, processes and technology - current measures to secure the business environment (security posture); identify security laps (gaps) and prioritize remediation (corrective measures / controls) efforts. The priority is given to high risk high impact security controls in the context of business objectives. You receive a Gaps and Remediation Report (GRR) along with a Plan of Actions and Milestones (PoA&M) to help you manage enhancing the security posture of your organization on an ongoing basis.

Why SMaaS

• Powered by SPS Security Management Automation Platform with decades of security management knowledge base and industry best practices
• Dedicated cybersecurity account team including identity, access, data, network, system, application security expertise
• Inclusion of all stakeholders to ensure coverage and accountability
• Ongoing Security Policy development, enforcement, improvement, and review
• Automation of Attack Surface Management and Risk quantification
• Automation of Stakeholder notification using MYID 
• Ready to use templates to generate security management reports and policies including Gaps, Remediation, Incident Response, Risk Management, and System Security Plan

Services / Activities:

• Attack Surface Management and Risk Quantification: Identifying and managing potential points of vulnerability (attack surface) and assessing associated risks.
• Gaps Assessment and Remediation: Evaluating existing cybersecurity measures against NIST CSF to identify gaps and providing remediation strategies.
• Security Policy Development, Enforcement, Review, and Enhancement: Developing, enforcing, reviewing, and enhancing security policies to establish and maintain a secure organizational environment. Relevant security standards shall be utilised such as but not restricted to NIST 800-171r5, OWASP Recommendations for System / Software Development Lifecycle and similar.
• Discovery, Classification, and Governance of Sensitive Data: Identifying, classifying, and governing sensitive data across different environments, ensuring compliance and security.
• Regular Security Assessments: Conduct planned activities to assess vulnerabilities, threats associated with network, endpoints, applications, user access and management and such.

Outcomes & Deliverables:

• Gaps assessment and Remediation Report (GRR) : Document outlining remediation actions based on the assessed gaps in the current security posture.
• Plan of Actions and Milestones (PoA&M) : Prioritise the remediation aligned with business objectives adhering complying to NIST CSF.
• System Security Plan (SSP) : Comprehensive documentation detailing the security measures, controls for the organization using but not limited to NIST 80017r5, OWASP top 10. They shall be referred to procedures in security policy documents.
• Security Policy Documents: develop, review, enhance existing policy documents.
• Incident Response Plan : Document specifying the procedures and actions to be taken in response to cybersecurity incidents.
• Risk Management Framework: a system of identifying assessing and mitigating cybersecurity risks based on NIST SP 800-37 recommendations.
• Disaster Recovery and Business Continuity Plan : Identifying, classifying, and governing sensitive data across different environments, ensuring compliance and security.

Pricing

• Starting at USD 5,000 for 40 hours of consulting services per month