The CST Cyber Resilience Assessment service measures your defences against the 20 factors that best practices recommend.
The assessment takes the form on an onsite workshop with key personnel, using a methodology that is based on British Standards and other leading and recognised organisations such as SANS institute. The service analysis the current and desired state of cyber resilience and encompasses:
The change in priority is due to three factors that are increasing the risk of attack across industry, these three factors being:
Cyber threats are now accepted as a genuine business risk, in fact the most recent report by Lloyds register places Cyber Risk as the 3rd highest global risk to business (it was place 13th at the last report - available upon request). The UK Governments has also accepted the risk to businesses from Cyber threats and is writing to organisations asking them to evaluate against a 10 point cyber security strategy (you may have seen the cyber security jig saw and Cyber Street initiatives).
To address this growing risk we have a Cyber Security assessment service “Cyber V” (Visibility) in partnership with Symantec. This takes the form of an onsite workshop that works through the top 20 key controls that makes for a robust cyber defence. The end result is a detailed report that identifies gaps and areas of improvements and practical prioritised suggestions; the process also provides a great educational and awareness platform for the staff involved on the topic of cyber security.
The noteworthy business benefit is defining the specific risk that your business faces from Cyber threats and the potential loss, such as; a data breach, revenue losses, damage to brand reputation, and industry regulatory failure. The value is knowing where and what to do first to address the greatest Cyber risk to your business.
3-Phase Best in Class Approach to Cyber Assessment
Review and measure the four cornerstones of Cyber risk management:
Organisation: Leaderships & Governance
Status: Current position & posture for risk
Visibility: New threats and emerging hazards
Response: Protection, strategies, controls and ability to act.
Identify Critical Gaps, distinguish priority topics and rank resilience
Present findings and detailed report
Opinion & Resources
The Cyber Assessment Service is about giving a business the visibility of its defence posture against a cyber-attack.
It’s not a test of any particularsystem, nor is it a threat sweep – these can be undertaken as part of the Cyber assessment service if required.
The top 20 controls as recommended by SANS are not rocket science and are readily available, what CST find is that Information Security is driven by reactive projects, and organic growth of established controls, as such some of the 20 key controls are either missing or are not fit for purpose within a business with todays and tomorrows new risks.Nigel Lewis