Cyber Security Self-Assessment

Cyber Security Self-Assessment

Cyber Security Self-Assessment (CSSA) for an energy supplier in the CRITIS area


During a guided self-review, potential for improvement was systematically identified and appropriate recommendations for action were made.


Initial situation and problem definition

Client: Energy supplier in the CRITIS area

Scope: Group in Austria with approx. 2,500 employees

Focus on the commercial area of the group

Current implementation of the ISO/IEC 27001 and 27002 standards

Introduction of a SIEM solution and establishment of an identity & access management planned


Objectives, project scope and benefits

Identification of potential for improvement per task field and category

Translation into suitable recommendations for action

Transparent processing and discussion of CSSA results as well as potential for improvement and recommendations for action



Basis of the questionnaire: Cybersecurity Framework Version 1.1 of the National Institute of Standards and Technology (NIST)

Expanded to cover the requirements of ISO standard 27001:2013

Questionnaire with 5 primary task areas, 23 categories and a total of 103 questions

2-day on-site workshop: Guided completion of the questionnaire, as well as quantification of the answers on a scale from 1 to 4


Results achieved and outlook

Identification of potential improvements in four areas of the group and translation into concrete recommendations for action

Targeted strengthening and improvement of IT security

Comparability through standardization, so that the effectiveness of measures can be assessed by a subsequent CSSA