Conquest Cyber’s experience working with federal and government institutions makes us an ideal partner for many different agencies, departments, and organizations that need to deal with strict compliance and high-risk tech environments. The nature of the information they handle and the fact that they are government institutions make them especially susceptible to cyber risk and mishandling of data. We helped this specific organization by enabling its digital transformation across all its divisions to prevent silos and ensure cyber operational maturity, efficiency, coordination, compliance, and risk transparency.
Our client is a federal agency tasked with administering investments for federal employees and helping them make better choices with their funds. They handle classified data and personal and financial information for federal employees on a nationwide basis, meaning they are a target for cyber theft and are also subject to strict compliance and regulation such as FISMA and NIST CSF.
The Challenge & Objectives
The federal agency needed to accelerate the maturity of its cyber operations and make a successful transition to a cloud and managed services environment, aligning and connecting all of its divisions. Because of the nature of their work, they approached cybersecurity based on compliance rather than risk. These methods meant that their policies, processes, and procedures were often doing just enough to fulfill compliance standards, but not enough to build true resiliency. Conquest Cyber worked in close alignment with leadership to establish the following objectives for the project:
- Transition the agency from compliance-based to risk-based cybersecurity operations
- Improve risk transparency within an enterprise-wide approach
- Improve FISMA and Cyber Operations maturity 2-4 levels over 18 months
- Support the transition to a secure managed services/cloud operating environment
- Improve end-user experience by leveraging industry best practices
The broad scope of the project demanded a multi-phased approach where Conquest supported leadership and implemented a series of interrelated projects to achieve these objectives.
- A Cyber Operational Maturity Monitoring Program to establish an agency baseline for cyber operational maturity and continuous monitoring, and a Cyber Risk Monitoring Program to establish an agency baseline for cybersecurity risk.
- Enterprise architecture developed to establish a solutions roadmap, inform risk assessment, and improve business continuity and disaster recovery.
- Policy and processes maturation by establishing consistent, risk-based, repeatable, and measurable policies, processes, and procedures that address design basis threats and protect critical missions.
- Transitioning cybersecurity operations to a managed services environment via a third-party service provider risk management program to improve compliance maturity.
- Working with agency stakeholders to design and facilitate an IT governance process
- Advisory and support in assisting agency and vendor stakeholders on a transition to Office 365 and other cloud modernization efforts.
Working closely with both agency leadership and an additional partner in the project yielded many positive results and improvements across their divisions. They have improved the maturity of their cyber operations and successfully transitioned from a compliance-based to a risk-based cybersecurity model. Among the project's ongoing results are:
- The agency’s quality assurance effort applies best practices from a scaled AGILE framework to ensure high quality deliverables. This includes steps for research, data collection, concept development, stakeholder alignment, drafting, feedback, reviewing, and final submission of deliverables.
- We evolved their problem resolution approach with improved risk transparency across the entire enterprise
- They improved their cyber operations maturity and FISMA compliance.
- We helped them establish repeatable and measurable policies, processes, and procedures that help with problem resolution.
- Timeliness of communication, work delivery, and resolution of issues was vastly improved through a scaled AGILE framework.
- Weekly meetings are held to ensure proactive and responsive client support and the continued development of their organizational capacity for cyber ops maturation.
- Risk culture, communication, and operational practices were all improved, leading to better working relationships with their internal and external clients, as well as the partners they collaborate with.