Author: Brian Nichols
Title: Director of Infrastructure & CISO
Company: Select Data, LLC
Framework Alignment: NIST CSF v1.1 | ISO 27002 | HITRUST | OWASP
Challenge: When Cyber Insurance Meets Real Accountability
In 2024, Select Data’s cyber insurance provider introduced a new requirement for policy renewal:
“Enroll with SecurityScorecard and improve your external cybersecurity rating.”
At the time, our organization’s score stood at 76 (C). The report cited deficiencies under “Application Security” and “Network Security” — including missing Content Security Policy (CSP) headers, insecure DNS configurations, and outdated patch cadence.
This wasn’t just a compliance issue — it was a credibility challenge.
To renew our policy, we needed to demonstrate that our cybersecurity posture was measurable, defensible, and actively managed.
Action: Coordinated Leadership and Technical Precision
Appointed Chief Information Security Officer (CISO) by the CIO in 2021, I led the remediation initiative, aligning SecurityScorecard's external metrics with our internal governance framework.
Using the NIST Cybersecurity Framework (Identify–Protect–Detect) and ISO 27002 as guiding standards, we structured the project into clear, trackable workstreams:
- Application Security: Hardened IIS configurations, implemented secure headers, and enforced HTTPS.
- Network Security: Updated firewall rulebases, validated segmentation, and remediated public-facing vulnerabilities.
- DNS & Patch Management: Resolved insecure DNS records, enhanced monitoring, and automated patch cadence across key systems.
- Governance Integration: Mapped every SecurityScorecard finding to NIST PR.DS and PR.IP control families, linking tactical fixes to measurable framework compliance.
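As an added illustration of the Application Security workstream above (this is example configuration, not Select Data's actual web.config), an IIS site-level web.config fragment that removes the stack-advertising X-Powered-By header, adds the CSP and related security headers the rating report looked for, and redirects plain HTTP to HTTPS. It assumes the IIS URL Rewrite module is installed and uses a placeholder CSP value that must be tailored to the site's real script and asset sources.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Drop the default header that advertises the ASP.NET stack -->
        <remove name="X-Powered-By" />
        <!-- CSP: placeholder policy; adjust sources to what the site actually loads -->
        <add name="Content-Security-Policy"
             value="default-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'" />
        <!-- HSTS: only send once HTTPS is enforced site-wide (see rewrite rule below) -->
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
      </customHeaders>
    </httpProtocol>
    <!-- Requires the IIS URL Rewrite module -->
    <rewrite>
      <rules>
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

External rating services read these headers from the live response, so verify with an unauthenticated request from outside the network after deployment rather than relying on the config file alone.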
This wasn’t just about improving a score — it was about proving operational maturity.
Result: Measurable Improvement, Real ROI
Within 90 days, Select Data achieved a full turnaround:
| Metric | Before | After | Improvement |
|---|---|---|---|
| SecurityScorecard Rating | 76 (C) | 94 (A) | +18 points |
| DNS Health | 80 | 90 | +10 points |
| Network Security | 81 | 95 | +14 points |
| Patching Cadence | 82 | 97 | +15 points |
| Endpoint Security | 88 | 100 | Full remediation |
This improvement led directly to a $7,000 reduction in annual cyber insurance premiums and elevated Select Data into the “Low External Risk” tier.
The initiative also served as an internal proof point that security governance and business outcomes are directly connected.
Key Takeaways
- Quantifiable Risk Reduction: Improved overall SecurityScorecard rating by 18 points through coordinated governance and remediation.
- Insurance ROI: Achieved a measurable $7,000 annual savings on cyber insurance premiums.
- Operational Resilience: Established repeatable governance workflows mapped to NIST CSF PR.DS and PR.IP domains.
- Leadership Impact: Strengthened organizational trust in the CISO function by turning compliance into culture.
Conclusion: Security as a Business Enabler
Cybersecurity frameworks like NIST and ISO 27002 provide the blueprint — but leadership, alignment, and execution turn frameworks into results.
This project reaffirmed what I’ve always believed:
“It’s not policy that will save you — it’s building secure systems that empower people, protect data, and make security a business enabler, not a bottleneck.”
✅ Interested in partnering or learning more?
Whether you’re building toward HITRUST, ISO 27002, or need help improving your SecurityScorecard rating — visit AllSystemsArgo.com/contact or LoneStarStateMining.com.