The cyber threat landscape will only continue to grow as threats increase in number and sophistication, but by assessing your cyber posture, you can be prepared. How? By performing a Cybersecurity Maturity Assessment (CMA). When performed correctly, a CMA can provide immense value to an organization. A well-executed CMA should consist of the following four (4) steps:
Step 1: Identify.
Step 2: Assess & Evaluate.
Step 3: Prioritize & Remediate.
Step 4: Implement & Monitor.

Step 1: Identify. What's your cyber game plan for protecting your assets? What specific cyber policies, procedures, and processes do you have in place? Do you have an existing cybersecurity framework in place, or are you looking to adopt a proven methodology? These questions, and many more, should form the basis of your initial scoping exercises for a CMA.

Step 2: Assess & Evaluate. Whether you decide to pursue compliance with a standardized cybersecurity framework or with generally accepted best practices, it's critical to assess your control environment to determine your current cyber posture. Specifically, you need to identify and document core controls in terms of the gaps found and the steps needed for remediation, and develop a roadmap for cyber success.

Step 3: Prioritize & Remediate. In terms of cybersecurity posture, control gaps are often found, as no organization ever has a picture-perfect control environment. From drafting security policies and procedures to implementing technical controls, as an organization, you should expect a healthy number of issues that will require remediation.

Step 4: Implement & Monitor. Your cybersecurity measures now have to become very much a part of your organization's culture. This means updating controls, training employees, and gauging the overall success of the implementation efforts, all while offering constructive feedback throughout the process. It's now your cybersecurity program, which means you'll also need to develop and implement a customized continuous monitoring program for regularly assessing the viability of your cybersecurity controls.