Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Cyber Security Services

Enterprise cyber security review (ECSR)

Data has become a key asset to all companies and organisations, which means the assessment of your cyber security risk is paramount to best business practice.

It’s all about Trust.

Building and operating your environment with trust where all stakeholders are confident that they can safely transact with you is your number one priority.

The security and resilience of your business and your entire eco-system is at the heart of inspiring this trust.

This is where an Enterprise Cyber Security Review (ECSR) is essential.

The four steps of an ECSR

An organisation must understand where it stands in securing itself, which directly relates to inspiring trust and resilience.

Gap analysis

The first step in discovery is understanding where the organisation's information security currently ranks and where it needs to be, measured against its selected industry-standard security framework.

There are a few different standards and frameworks that an organisation is likely to align with, or be required to be certified against, including:

  • ISO 27001
  • NIST Cyber Security Framework
  • PCI DSS

Risk assessment and establish a risk register

There are three stages to the risk register. These include:

1. Risk Identification

The first stage of the Risk Assessment is to identify all relevant threats and vulnerabilities which may impact the Confidentiality, Integrity and/or Availability (CIA) of information assets. Several factors need to be considered when identifying risks:

  • Strategic risk
  • Operational risk (including those related to the service delivery, people and technology)
  • Financial risk
  • Reputational risk
  • Legal, regulatory and compliance

2. Risk Analysis

We assess the likelihood and potential consequences that would result if the risk(s) identified during the review were to materialise. The result of this step is determining the level of the risk.

3. Risk Treatment

Risk-treatment options will be discussed and documented with key stakeholders. These include:

  • Avoidance,
  • Reduction,
  • Transfer, or
  • Acceptance.

Once an appropriate risk treatment option is chosen, the resultant residual risk rating will be determined and documented.

Road map

A security roadmap combines the results from the gap analysis and the risk assessment. The roadmap provides the strategy and a visualised, high-level program of action towards achieving the target state for the organisation’s cyber security profile. It includes a prioritised approach towards reducing the risks identified in current capabilities across people, process and/or technology.

Data governance

The last step of an ECSR is to conduct a data governance review. Due to the implementation of the Data Breach Notification, it has become imperative that organisations know what data they hold, where it is stored and who has access to it.

  • Benefits of Data Governance
    • Reliable data
    • Data consistency
    • Aligns with compliance requirements
    • Assists with generating strong governance policies

Sense of Security’s team of advisors is highly experienced and skilled in enterprise cyber security reviews.

If you have any doubt about your organisation’s cyber resilience, contact us now to discuss how we can help you inspire cyber trust. Call 1300 922 923 or make an enquiry today.