G2 Commercial Practice
Commercial Home Implementation Training Consulting About Our Commercial Team

Implementation


Partnering with organizations to improve or develop cybersecurity programs




Our cybersecurity experts develop a risk informed cybersecurity program based on risks to your environment. Our engagement concludes with a roadmap and action plan to help you understand specific actions your organization can take to improve cybersecurity considerations.

Working with your operations team, we identify a high-level roadmap outlining projects required to meet organizationally defined cybersecurity goals. Our team further divides the roadmap by identifying the initial project plan required to implement each roadmap item. Our project plans identify:


1. The WBS level 1 Activities required to meet the objective of the action plan,
2. A description of the action plan goals,
3. The relative cost for the action plan,
4. The prerequisites & dependencies of the action plan (where applicable),
5. The types of resources required to complete the action plan (both internal and external, where applicable),
6. Key milestones to help track the action plan to completion,
7. The estimated duration to complete the activities in the action plan, and
8. The Framework Subcategories addressed by completing the activities within the action plan

Leveraging the implementation steps identified within the Cybersecurity Framework, our cybersecurity team works with key stakeholders to scope and prioritize cybersecurity activities based on your organization’s mission objectives, business drivers, and cybersecurity risk thresholds. Next our team works with business managers to orient your cybersecurity program based on the scope previously defined by stakeholders within the organization. Orienting your cybersecurity programs assist you in understand the assets (people, processes, and technologies) required to operate the environment being oriented. Our cybersecurity experts then work with your organization based on your requirements to understand the current state of cybersecurity for the environment by performing a current state assessment. A current state assessment can be conducted as a table top exercise, facilitated working session, current policy and procedure review, or for organization seeking a robust independent analysis our cybersecurity team will complete an independent assessment of current policies and operational practices. After completing a current state assessment, we work with organizational stakeholders, business managers, and operators to perform a risk assessment for your environment. The information identified from the risk assessment is used to create the proper target state cybersecurity program for your environment. The target state identifies the organizations cybersecurity program end goal. It assists your organization in remaining on track to achieve desired outcomes. After identifying the target state for your environment, we assist your organization in identify gaps between the current state and target state cybersecurity program within your organization. Our cybersecurity experts leverage this gap analysis to create and prioritize activities your organization can undertake to achieve your target state cybersecurity goals. These activities become the basis for your organization cybersecurity improvement roadmap.

The G2 commercial team has developed a robust set of capabilities by leveraging our 13 year history in supporting clients within the Department of Defense, Intelligence Community, Private sector, and Department of State. Our commercial capabilities include Risk Assessment, Scoping, Identify, Protect, Detect, Respond, and Recover. We leverage our capabilities individually or as a complete service offering package depending on your needs.

Risk Assessment

G2 Cybersecurity SMEs have assisted organization in completing dozens of security risk assessments using methodologies including NIST SP 800-30. Working with your organization, we will define threats to your environment, determine the likelihood they will occur, and the consequences that could be realized by your organization if they do occur to identify the security risk to your organization. Our cybersecurity SMEs, leveraging their experience, assist organizations in understanding the security risks to their environment to identifying the appropriate risk thresholds for your organization based on industry standards and your mission goals.

Scoping

Even the smallest organization can have multiple levels of concern and risk appetite for the systems and business units within their organization. Understanding how the mission goals and business drivers for each business unit and/or system in your organization ensures cybersecurity protections can be applied at the level commensurate to the security required. For example, a database containing personal information such has credit card data or health information typically requires high confidentiality protections to ensure the data is only authorized appropriately. Systems used within the organization to plan and organize the organizations holiday party, while important, may not have the same security requirements. Understanding the business goals and mission drivers for the business units and systems within your organization enables a cost effective approach for implementing cybersecurity protections. Our Cybersecurity SMEs have assisted clients, including the Federal Government, categorize their business units and systems enabling them to apply the appropriate level of resources necessary to protect their mission. Our cybersecurity SMEs develop an understanding of risk concerns for your environment, your mission objectives, and business goals by working closely with executives and managers within your organization, through a series of facilitated working sessions. Through decades of experience, our team analyzes the information from these working sessions to properly categorize your organization. While all capabilities within our commercial cybersecurity practice can be provided individually, or a al carte, our experts will work closely with your organization prior to developing a Statement of Work (SOW) to ensure the proper package is developed to meet your needs. Our service packages can include a full cybersecurity assessment leveraging the Cybersecurity Framework, or an combination of services to ensure the greatest return on your investment to your cybersecurity program.

While all capabilities within our commercial cybersecurity practice can be provided individually, or a al carte, our experts will work closely with your organization prior to developing a Statement of Work (SOW) to ensure the proper package is developed to meet your needs. Our service packages can include a full cybersecurity assessment leveraging the Cybersecurity Framework, or an combination of services to ensure the greatest return on your investment to your cybersecurity program.

Contact us to learn more and get started
Contact Email: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Contact Phone: 301-575-5139