At LMG Security, we often hear from organizations who are in the early stages of setting up a cybersecurity program, and they are looking to us to help them figure out a logical roadmap.

We recommend a security controls assessment, where LMG consultants evaluate a client’s overall security program to get a picture of their current security posture and identify areas where improvements are needed. Then our recommendations can be used for the client to plan their path forward.

To perform this type of assessment, LMG decided to develop a list of “Security Fundamentals” that an organization should put in place as a starting point for developing a security program. We know that organizations can’t address every gap and set up a lot of new tools and processes at the same time, so we want to provide high-value, realistic, actionable first steps to get you started in the right direction.

A team of LMG consultants used our knowledge of widely-used frameworks and our general familiarity with security threats and best practices to identify 10 key activities we think are essential.


Security Fundamentals Key Activities

Ownership & Management Confidentiality
Asset Management Availability & Continuity Planning
Software Lifecycle Management Network Security
Training Detection & Investigation
Access Control Continuous Monitoring


Then we developed a short list of action items for each Key Activity. For example, The Access Control Key Activity requires technical access controls, consistent access control processes, and multifactor authentication for remote access.

Client feedback on this starter approach has been excellent! Contact LMG today to talk about how LMG’s Security Fundamentals can help your organization focus on the most important and impactful security controls to from a strong base for your security program.