Regional Police Service

Leveraging MTA to prevent disruption of regional police service’s information technology resources.

The Challenge

With a heavy reliance on technology for day to-to-day police operations, this regional police service is concerned with increasing targeted security threats against all law enforcement organizations. Their overall objective was to ensure the appropriate information security controls were implemented within its networks, servers, applications, and computing platforms to preserve integrity, confidentiality, and availability of its information and computing resources. Effective implementation of these security controls would aid in the prevention of unauthorized, accidental, or deliberate disruption of the client’s information technology resources.

The Approach

“[The organization] has been a great client of MNP for over 16 years and we were happy when they accepted our proposal to perform a maturity and threat analysis (MTA) to assess existing cyber security controls and risks. This included applying industry-specific, threat-based data from the Verizon Data Breach Investigations Report, information on the latest ‘real world’ threats against an organization like them,” said Danny Timmins, MNP National Cyber Security Leader. “By assessing current controls and current threats to [the client], along with estimated risk loss provided by the client, we were able to create a customized, prioritized list of security initiatives for the upcoming budget year.” With this information, the client could allocate resources and budget more accurately and effectively.

MNP’s Maturity and Threat Assessment is based on three major benchmark sources:

  1. The OpenFAIR risk assessment methodology to assess estimated risk loss of a cyber attack / breach
  2. Threat classification, frequencies, and statistics from the annual Verizon Data Breach Investigations Report
  3. The Center for Internet Security (CIS) Critical Security Controls Framework to assess and validate controls as part of MNP’s analysis.

Information for the Maturity and Threat Analysis was gathered in a variety of ways. The process began with meetings and interviews conducted with key personnel, as well as the analysis of documentation provided by the project team. Information gathering workshops were performed over a weeks’ time enabling MNP to identify and analyze the core business processes, underlying assets, and technology components, as well as perform the Critical Security Controls assessment of safeguards in use.

The Result

By performing the MTA for the client, MNP was able to provide them with an in-depth report on all areas of security, as well as highlight their most high-risk areas. Recommendations for immediate fixes were provided, allowing the client to create a project, budget accordingly, and increase their cyber security maturity. Along with immediate recommendations, MNP also provided reports that would allow for further discussion and planning on additional security projects, essentially providing a security roadmap.

The IT Manager for the client provided feedback during a recent National Policing Cybercrime Summit. She stated the project had helped them prioritize and focus on specific cyber initiatives, aiding in the direction of budget and resource allocation. Another deliverable was to help senior management and leadership team quantify the cyber program. MNP provided the client with baseline security for the entire organization to be measured against for the years to come — in essence a ROI of the police services cyber security program.

To learn more about MNP’s Maturity and Threat Analysis (MTA) services, contact us today.