Navigating Cyber Challenges: A Deep Dive into Cybersecurity Maturity for a Portuguese Financial Entity

A Portuguese financial institution, confronted with the challenge of a cybersecurity maturity assessment involving numerous interviews and evidence analysis, successfully addressed several issues within its complex and large organization, which already boasted a high level of cybersecurity maturity.

The GRC activities applied in this case encompassed a Maturity Assessment based on NIST CSF (Cybersecurity Framework), the National Framework of Reference for Cybersecurity (QNRC) of CNCS, ISO/IEC 27001, and other references and regulations relevant to the banking sector in Portugal.

Subsequently, the organization identified and assessed its current cybersecurity maturity state, pinpointing gaps in areas such as Asset Management, Supply Chain Risk Management, Data Security, Anomalies and Events Detection, and Incident Analysis. Compliance checks against NIST CSF, ISO/IEC 27001, and QNRC were conducted, and actions were recommended to enhance the organization's cybersecurity posture.