Thank you for your interest in Spheric's CyberShield Beta Program

You are helping to advance the art!

Shield Current State Evaluation Engagement

Thank you for your interest in the Shield and its methods and Architecture.

 

Our mission at Spheric is sustainable security capability transfer through a tool and a series of control models and industry knowledge in the form of control frameworks. 

To ensure the Evaluation Program is successful, participants should have a strong need & desire to adopt "a better & less expensive way" to model, measure, visualize, analyze and communicate their state-of-control and state-of-compliance.

What I am really asking is, are you tired of the way it's done now? 

Spheric Shield External Standard & Regulation Library

 

The following frameworks are contained in the tool library. 

  • NIST-CSF 1.1 

  • NIST 800-53 r4

  • ISO 27001/2: 2013

  • CIS-CSC 7

  • PCI-DSS: 3.2

  • Other (Ingest, Create)

Joint Engagement: The Beta Program involves the execution of a joint self-assessment engagement using the CyberShield tool over a 30 to 90 day period, depending on the scope and depth desired. The Participant is responsible for data collection and entry, and Spheric is responsible for the proper use of the tool and the delivery of the engagement value. The engagement involves a fee based on the requirements of the engagement. At the end of the engagement, the Participant may decide to retain the tool and its data for a fee; otherwise, a PDF report is provided as the final deliverable.

Full Control: To ensure full control of the engagement and related data by the Participant, the tool is deployed by and under the full control of the Participant, either locally on-premise or in a cloud environment under their control. Spheric will provide support remotely via teleconferencing and will not at any time access the organization's systems or data.

Engagement Stages: There are 4 stages to the beta engagement to be conducted within an agreed period of time. Once the engagement scope is defined, the Participant gathers existing information on its security control state and governing frameworks.  Spheric will advise the Participant's internal team on how to use the CyberShield to model their control world and contain and visualize the data. In many cases, data can be ingested from spreadsheet applications. The internal team should be composed of security product owners and control framework owners. 

Engagement Stages: 

 

  • Stage 1: Control World Modeling: In the 1st stage, the internal "Security Management Objective" (SMO) framework of the organization is modeled. Then, security tools and processes are registered and associated with the internal SMO framework. Note: an external standard can be selected as the internal SMO framework to expedite the engagement.
     

  • Stage 2: Control Evaluation: This stage involves the capture of prior existing control assessment data to complement the collection of new data to ultimately complete a rated but qualitative effectiveness assessment of the state-of-controls. This evaluation can be conducted at increasing levels of precision to be decided during the scoping.
     

  • Stage 3: Control Projection: This stage involves the selection of two external governing frameworks from the CyberShield library. The tool enables the evaluated state-of-control defined by the internal framework to be "projected" over to the selected external frameworks through mappings, either provided by NIST, for example, or through custom inter-framework mappings.
     

  • Stage 4: Control State Visualization, Analysis & Reporting: This final engagement stage involves "consuming" what was created by the prior three stages. The tool provides the following:

    • Model of your internal security objective control framework,

      • Representation of your state-of-control inventory associated to SMO framework,

      • Representation of the effectiveness of your state-of-control associated to SMO framework

    • Model of two external regulatory/standard frameworks from tool library and any associated mappings 

      • Transformation of your evaluated state-of-control defined in your SMO internal framework
        projected into the 2 external frameworks selected