The engagement encompassed the design of a broad series of assessments—not intended to measure compliance with policy or conformance to leading practice/ technology controls, but rather to focus on assessing the company’s cybersecurity posture in the face of attacks other Fortune 100 companies had recently suffered. Essentially, the questions were, “What if someone does this to us? How would we fare? How are we positioned to make an attacker’s tasks difficult, to detect that an attack scenario is underway, and to respond to attacks we detect?”

Responding to targeted CYBERATTACKS