Service Description

AHEADs Cyber Security Ransomware Strategy Development Engagement helps organizations standardize and enhance their cyber security strategy. The Cyber Security Strategy Development Engagement is designed to work with organizations to evaluate their current defense in-depth strategy as it relates to ransomware. In addition, AHEAD will work with the Client to develop a plan of action to remediate discovered gaps. This plan of action includes the following recommendations:

• Documentation of business and regulatory requirements
• Alignment of the security program with business requirements
• Cyber security policy recommendations
• Development of security SLOs
• Staffing and head count recommendations
• Security automation recommendations
• Tooling recommendations
• Evaluation of insource vs outsourcing options

This engagement is built upon AHEADs security methodology which incorporates the following security principals:

• The NIST Cyber Security Framework (CSF) Functions
• Analysis of the 7 Tactics, Techniques, and Procedures (TTPs) Used in 99% of Data Compromise
• CIS Critical Security Controls used to mitigate attacks
• Evaluation of in place controls as compared to the MITRE ATT&CK framework

Service Scope

This is a fixed scope service that provides security evaluation of in-scope, business units, environments, techniques, tactics, and procedures. This service will use a prescriptive approach which assesses the Clients current security practices. AHEADs approach includes evaluations of controls provided by CIS in relation to in scope TTPs. Controls will be rated using a security process evaluation model to determine the maturity of the control.

Using this process assessment methodology, the Client will be provided a deliverable based on their environment.

Please contact AHEAD for the full scope of this Service.

Service Deliverables

The following deliverables are provided in connection with this service:

• AHEADs Cloud Security Foundation, documenting the results of this Service
• Tooling Matrix
• Road Map

Please contact AHEAD for full details of the Deliverables of this Service.

Service Exclusions

AHEAD is responsible only for performing the Service, as described in the official Service Brief. All other services are considered out of scope. Please contact AHEAD for a list of specific exclusions.

Assumptions

AHEAD will rely on certain Assumptions in the performance of this Service. Please contact AHEAD for a list of these assumptions.