Security Program Development
For organizations lacking the right people, processes, and technology to develop and advance their security programs, don’t worry—we’ve got you covered. Minerva offers an assortment of full-service programs tailored to your unique business needs, size, and risk that are designed to make your security program relevant, actionable, and sustainable.
Whatever your organization’s security needs—from creating vulnerability management programs to developing security policy, and everything in between—we’ll help you create processes and collateral to run any facet of your security program.
Our recommendations provide the foundation for a sustainable investment in people, processes, and technology, as well as measurable cybersecurity improvements in a time frame appropriate to your organization.
Vulnerability Management Program Development
The Vulnerability Management Program Development offering is intended to help customers build strong vulnerability management practices that ultimately prevent the exploitation of security vulnerabilities that exist within their organization. By tailoring each engagement and collaborating with our customers on goal definition, the Vulnerability Management Program Development offering is completely tailored to any organization regardless of its maturity or overall program needs.
The Vulnerability Management Program Development offering specifically focuses on the following key areas:
- Asset Inventory
- Configuration Management
- Patch Management
- Penetration Testing
- Remediation Verification
- Remediation Workflow
- Reporting & Key Performance Indicators
- Threat and Vulnerability Analysis
- Vulnerability Classification & Prioritization
- Vulnerability Management Policy
- Vulnerability Scanning
- Vulnerability Tracking
Red Team Program Development
Red teaming helps ensure your network and physical and social attack surfaces are secured. Red team programs typically consist of mission-oriented, adversarial threat simulations designed to test your readiness to withstand and detect targeted attacks. Minerva experts can help your organization build a red team program that can help you answer the question, “Are you prepared for an attack?”
Minerva Red Team Program Development engagements include:
- An evaluation of existing capabilities, technology, people, and artifacts surrounding existing penetration testing, threat detection, and incident response programs and goals.
- A review and classification of business processes, assets, users, and data to facilitate incident testing, and threat and response prioritization.
- The development and documentation of a Red Teaming Methodology, including:
- Red Team Framework
- Red Team Process Design Diagram
- Gap Analysis & Recommendation Report
- The delivery of reports, collateral, and presentations required to bridge the gap between current capabilities and target Red Team and Response program goals.
Attacks and attackers are constantly evolving. To ensure you’re always prepared, you need a plan—and you need to review it regularly. Our experts will evaluate your environment—from technology to assets to people, process, and policy—to rate your capability and offer relevant, business-based recommendations to help you meet your incident response program goals. Need to build your program from the ground up? We can help with that, too. Our Incident Response Program Development offering can be customized to help build or improve your capability in any area of the Security Program Lifecycle (Preparation, Prevention, Detection, Response, Remediation, Cleanup, Lessons Learned).
Vendor Management Program Development
While many organizations outsource vendor software or services to reduce costs and enhance business processes, it is important to understand the risks that go along with this. Several security breaches in recent history have been due to a compromise at an outsourced vendor. A robust vendor/3rd party management program is essential to any security program. To properly mitigate risk, organizations must develop a comprehensive program that governs the risks associated with using these providers. It is important to note that a comprehensive program is significantly more complex than utilizing a vendor security questionnaire or checklist. Minerva’s Vendor Management Program Development offering helps organizations build a program inclusive of the following areas:
- Risk Assessment Methodology
- Vendor Selection and Due Diligence
- Contract Review Provisions
- Ongoing Monitoring