Saturday, September 15, 2018

Where to Start with Cybersecurity

"There are so many systems, networks, and security vulnerabilities I don't know where to start".

This is a common statement we hear from clients, their organizations have deployed systems and established connectivity to support the business' mission and objectives.  In many cases the priority was on establishing the necessary capabilities as soon as possible with little thought about maintaining the confidentiality, integrity, and availability of these now critical systems.  Once systems become critical to an organization's mission, adding the necessary layers of security poses a challenge, not only from the standpoint of potentially impacting performance and availability, but also, how to prioritize remediation efforts, both at the system and control levels.

McGARY CONSULTING (MC) can assist organizations in determining how and where to begin their Cybersecurity efforts.  We often see organizations engaged in a tactical only or bottom up remediation approach, including continuous vulnerability scans, endless patching cycles, and the implementation of security point solutions.  Although important Cybersecurity activities, they need to be performed in the context of a program informed by risk management with appropriate governance, and prioritization.  In contrast to the tactical only approach, MC focuses on a more strategic or top down approach, first understanding an organization's mission and business objectives as well as the processes and assets critical to business operations.

MC uses the NIST Cybersecurity Framework (CSF) as the foundation of our methodology to assist organizations with building Cybersecurity programs and also to evaluate the effectiveness of existing programs. Since the framework provides for a high level of customization, it can be used to support any organization's security requirements, regardless of size, industry, or compliance responsibilities.  Leveraging the NIST CSF to assess an organization's Cybersecurity posture provides a leading practice approach to answering questions like where and how to start.


  1. You have shared a nice article here about the Cyber security. Your article is very informative and useful for me because I was little confused about this. qccinstruct offers online cyber security courses at the affordable price.

  2. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. Ciberseguridad

  3. What a great post that you have shared here. You do make information easy for us, which we got good information. Thanks for this informative blog. Cyber Security Training Courses UK