For small-to-medium-sized businesses (SMBs) looking for help strengthening their cybersecurity, Totem Technologies will perform a Security Assessment, or “Gap Analysis”, according to our Totem Top 10™ cybersecurity methodology. This assessment is ideal for SMBs operating across all industries, whether regulated or not.
We’ll help you develop custom policies, personalized strategies, and a game plan that fits your small-to-medium-sized business needs and reduces your overall cybersecurity risk.
What to Expect During the Assessment:
- Know Your Assets
- Train Your Users
- Protect Your Endpoints
- Patch Software & Operating Systems
- Restrict Admin Privileges
- Harden System Components
- Segment Your Network
- Backup Data & Test Restoration
- Enable Multi-Factor Authentication
- Collect & Analyze Event Logs
✔ The Security Assessment will take approximately 30 hours. This can be increased or decreased as needed. We understand that 30 hours is a lot of time to dedicate to an engagement like this, so we spread the assessment time over several weeks.
✔ Prior to the engagement, Totem will provide a security assessment preparation checklist as well as a spreadsheet listing the Totem Top 10™ controls as a “read-ahead” to familiarize your organization with the controls and requirements for compelling evidence.
✔ A cybersecurity engineer from Totem’s Cybersecurity Assessment Team will work with your staff members to review the information systems, policies, processes, and procedures that relate to your organization’s small business cybersecurity posture.
✔ Totem manages the assessment in our proprietary Totem™ Cybersecurity Compliance Management tool.
What Your Organization Will Receive After the Assessment:
At the conclusion of Totem’s security assessment, your organization will receive the following deliverables:
- System Security Plan (SSP) – an “artifact” required by the Totem Top 10™ controls. The SSP is the “blueprints” for your small business cybersecurity program.
- Security Assessment Report (SAR) in the Totem™ tool that details the current cybersecurity program’s strengths and weaknesses.
- Plan of Actions and Milestones (POA&M) – a report that contains the corrective action plans for your organization’s cybersecurity program. The POA&M is essentially the “cybersecurity get well plan”.
- Various security policies and artifacts, such as employee acceptable use policy statements, incident response plan, risk assessment, etc., to act as “compelling evidence” of the cybersecurity program implementation.