# Opener

The Path to Continuous Cyber Improvement, Bonus: Case Study

Published by Axio

This is a bonus piece to our series on continuous cyber improvement. We’ll be going through a case study featuring a client that utilized Axio360 to improve their cybersecurity risk management program.

America’s critical infrastructure is essential to our economy, society and overall safety. As technology advances, cybersecurity risk management has become a major priority for these organizations. It’s imperative to have a cybersecurity risk management program that allows for visibility, collaboration and continuous improvement.

For the past few years, Axio had the privilege of working with clients within the critical infrastructure realm. Axio was able to partner with their organization leaders to transform their cybersecurity risk management program so that they can identify gaps, prioritize decisions, promote collaboration and continuously improve in an efficient, holistic way.

Siloed Security Domains = Disconnected Cybersecurity Program

Powerplant ImageOne of Axio’s clients is a utilities board that provides power, water and wastewater services to residents in their area. They are a large, highly complex enterprise that contained both information technology and operational technology functions. Their security domains at the time were operating in silos.

This client mainly relied on spreadsheets and documents to track and manage the risk management framework they were using. They took a highly popular framework, adjusted it to incorporate their own approach and used it as their security standards. Updating and maintaining these disconnected spreadsheets and documents was time consuming and ate up a lot of resources. Moreover, there was no convenient way to show how they’ve progressed and what improvements have occurred.

Disconnected spreadsheets and documents prevented proper collaboration across business functions. Due to this disconnect and lack of visibility, there was no central target that all parts of the organizations were aiming for. Without a holistic view, leaders found it difficult to prioritize decisions and investments. They needed a more efficient and effective way to manage their cybersecurity program.

Axio360: More than a Cyber Health Checkup, a New Level of Fitness

Within 2 days, this client was able to get started with Axio360. They completed a comprehensive cybersecurity risk assessment with the C2M2 framework. Through this cybersecurity risk assessment, both IT and OT leaders got a deeper and more holistic view of their cybersecurity risk management program.

Road-mapping Made Simple and Effective

Axio360 offers a Kanban style road-map tool that allowed our client to not only visualize their goals and deadlines but also easily adjust their roadmap. The client was able to easily set targets within the assessment and view it on the Kanban Board. The Kanban Board makes it easy to adjust targets and deadlines to meet business needs with a simple drag and drop. With their targets easily laid out in front of them, their team was able to create actionable next steps.

Breaking the Silos

Axio360 allowed this client to not only focus on adopting new technologies but assess older ones and bring them up to standard. Additionally, with Axio360’s collaboration capabilities, different business functions were able to work together efficiently. Our platform allows users to easily share assessments, collaborate on the road-mapping tool, assign action items and more. With a holistic view, this client was able to launch 6 prioritized projects to address the most pressing deficiencies within their system.

Seeing the Past, Present and Future

C2M2 Dashboard
Example Aggregate Dashboard

Our aggregate dashboard combined the cybersecurity risk assessments of both OT and IT functions together to allow for visibility. The dashboard also breaks up the domains within the C2M2 framework, easily presenting the specific areas of deficiency. The regular dashboard shows the target wheel, allowing the client to not only visualize their goals but also compare it to their current state to see how far they have left to go. With Axio360, they were also able to see how their score has improved with our milestones feature.

Axio360 was able to help this client streamline their cybersecurity risk management, encourage collaboration across different business units and reduce risk. Having an aggregate view of their enterprise allowed them to identify shortcomings, prioritize investments and improve their overall cybersecurity program. They can now thoroughly understand where they were, where they want to be and the hurdles they need to overcome to reach those targets.

Continuous cybersecurity improvement is in Axio’s DNA. Read our eBook and see how you can embark on this journey with us. Take your cybersecurity risk management to a whole new level.