HG Three Spheres Review
Herjavec Group works with organizations to perform an independent, high-level assessment of their corporate security posture in order to understand their existing information security technology and business process controls. During the review, Herjavec Group employs a risk-based approach, the Three Spheres of Influence Security Assessment, to assess the current security framework and security posture of the organization.
The Three Spheres of Influence Security Assessment approach is fashioned after control frameworks found in ISO, COBIT, and NIST. Using the Three Spheres of Influence helps focus the assessment on a concise grouping of enterprise-wide defense-in-depth components. The information collected is used to determine any missing controls and make recommendations for areas of action. These recommendations are designed to provide security requirements and solutions that may be used to achieve a more robust information technology security framework.
Herjavec Group begins the information gathering process by interviewing select individuals and by reviewing appropriate documentation. We bring decades of assessment experience and a keen understanding of the specific technologies deployed in the customer’s environment. Throughout the review we develop an understanding of the information security management configuration, including information security responsibilities, security governance, security policies, security controls, security operations, security monitoring and follow-up procedures.
As an output from the assessment, Herjavec Group creates a report to highlight the key findings and provides remediation recommendations.
The finalized package includes:
- Executive Summary
- Gap Analysis
- Detailed Roadmap
- Targeted Action Plan
- Customized Presentation
CMMI Security Process
As part of the Security Consulting Three Spheres Review, Herjavec Group will identify these inconsistencies and review your organization’s security maturity using our CMMI Security Process.
The Capability Maturity Model Integration (CMMI) Security Process measures the maturity, effectiveness and efficiency of your organization’s security posture. Based on Carnegie Mellon University’s CMMI framework for process improvement, and leveraging the ISO 2700x and NIST SP 800-53 security models, the CMMI Security Process provides a baseline security assessment to help your organization identify current vulnerabilities and areas for improvement.
The final deliverable includes an average Maturity Score within the Executive Summary, the complete CMMI Security Model and a set of recommendations for addressing improvements in your score.