Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.
Building and operating your environment with trust, where all stakeholders are confident that they can safely transact with you, is your number one priority.
The security and resilience of your business and your entire ecosystem is at the heart of inspiring this trust.
This is where an Enterprise Cyber Security Review (ECSR) is essential.
An organisation must understand where it stands in securing itself, which directly relates to inspiring trust and resilience.
Understanding where the organisation ranks in its information security and where it needs to be, in conjunction with its selected industry-standard security framework, is the first step in discovery.
There are a few different standards and frameworks that an organisation is likely to align with or be required to be certified against, including:
There are three stages to the risk register. These include:
The first stage of the Risk Assessment is to identify all relevant threats and vulnerabilities which may impact the Confidentiality, Integrity and/or Availability (CIA) of information assets. Several factors need to be considered when identifying risks:
We assess the likelihood and potential consequences that would result if the risk(s) identified during the review were to materialise. The result of this step is determining the level of the risk.
Risk-treatment options will be discussed and documented with key stakeholders. These include:
Once an appropriate risk treatment option is chosen, the resultant residual risk rating will be determined and documented.
A security roadmap combines the results from the gap analysis and the risk assessment. The roadmap provides the strategy and a visualised high-level program of action towards achieving the target state with respect to the organisation’s Cyber Security profile. It includes a prioritised approach towards reducing risks identified in current capabilities in people, process and/or technology.
The last step of an ECSR is to conduct a data governance review. Due to the implementation of the Data Breach Notification, it has become imperative that organisations know what data they hold, where it is stored and who has access to it.