Risk management maturity

Our unique maturity scoring model gives businesses a straightforward understanding of where they can most improve.

Informed by experience

We used our decades of experience in IT and information security management as well as our first-hand engagement investigating hundreds of cyber incidents to deliver a comprehensive assessment based on the common risk concerns of cyber insurance underwriters and cyber security best-practice from standards such as ISO 27001, PCI DSS and NIST. Our findings are summarised to clients by rating their cyber risk management maturity in five key areas, combined with an 'Attackers Eye View' scan.

Skills & resources
People

We review staff roles and ensure they are clearly defined and assigned to those with appropriate experience or cyber risk qualifications. We also check the organisation has proper IT resourcing considering the information which they store and process. We base our scoring on best practice considering the organisation's size combined with the assets they handle.  

Documentation & effectiveness 
Processes

Our assessment reviews organisational policies to ensure the correct procedures are in place with appropriate guidance, standards and agreements. A high maturity indicates a hierarchical document set exists, is regularly updated and followed. We examine the organisation's cybersecurity culture: are staff aware of cyber threats, governance documents and their obligations?

Security protection & detection
Technology

We review whether the technologies used to protect the organisation's business data are planned, budgeted, implemented, up to date, and operated effectively. We review security-specific solutions and the security functions available within other standard IT technology, such as operating systems and databases. We apply best practice to review key safeguards using a layered approach.

Reliance & assurance
Vendor management

We review the assurances an organisation has with regard to its outsourcing partners and vendors. A high maturity indicates the company has considered a degree of trust and cybersecurity as important factors in its contractual relationships. We pay particular attention to clients' existing relationships and standard practices when planning outsourcing and vendor assignments.

Records & categories
Data asset awareness

We examine how the organisation categorises the data it utilises. We ensure that critical personal and other business data is clearly understood so that the organisation can suitably assess the risks associated with these assets. As part of our assessment report, we produce a data asset register allowing clients to gain clarity over data access content and aggregation, to assign ownership and retention policy. 

The Attacker's Perspective
Attackers Eye View

Many businesses unnecessarily leak information that attackers use to scam them and compromise their systems. Our profiler service provides an attacker's perspective on an organisation's online presence. We scan for vulnerable systems, configurations, user accounts, domains, third-party links, technology investment, and other sensitive details. Results then drive practical recommendations for remediation.

Maturity scoring

We rank an organisation's resilience using a straightforward 1-5 score in five key maturity areas. Our scores use proprietary logic functions applied to the information gathered over a personal one-to-one 90-minute security review by our expert assessors.

Opinion statement

We summarise assessment findings in a tailored opinion statement. The jargon-less summary clearly outlines the assessment findings for both technical and non-technical executives.

Findings and recommendations dashboard

This area provides an overview of every finding paired with a visual high/medium/low risk determination.  With one glimpse, a business can identify its cyber strengths and weaknesses. 

In-depth remediation overview

This section lists each assessment finding in order of urgency. We document each high/medium risk with a reason for its determination. The report also contains clear remediation advice for every high and medium risk, in addition to a commentary on low risks. Tags show a direct relationship to maturity improvement.

Improvements checklist

This checklist provides a clear action plan for the assessed organisation. The ten most urgent findings are summarised and scored. This section allows the assessed business to determine key remediation actions on its overall cyber maturity.

Data asset register

Many organisations are not aware of the information assets they store and process. As a result, they cannot demonstrate the steps taken to understand and protect these assets. The Cyber3 assessment generates a formal information asset register enabling tracking of ownership, access control and data retention policy. 

Attackers Eye View

We help organisations understand the attacker's perspective by including an open-source intelligence assessment. This section scans the business for susceptible technologies, misconfigured services, vulnerable user accounts, and many other details commonly used by hackers to breach organisations.

Findings overview

Cyber3 report sections

We outline assessment findings in a comprehensive, well-structured report. The report contains jargon-less insights that are easy for both technical and non-technical executives to understand. Using the following report structure, we can raise risks clearly and provide a path to remediation with direct links from our recommendations to stepped improvements in cyber risk management maturity.

Developing maturity

Improving cyber security

Our assessment is performed over a 90-minute call with a STORM Guidance cybersecurity expert. As part of the review, we also complete an 'Attackers-Eye-View' scan of the company's entire digital estate. This scan examines all public-facing digital assets for security threats, domain misconfigurations and other vulnerabilities.

The result is a certificate of assessment, a comprehensive risk management report incorporating our unique maturity scoring, and a straightforward strategy to achieve cyber resilience. Assessments are priced at £995 with discounts available for insurers, brokers and their clients.

Contact us

If you need an independent team of highly qualified cyber risk, cybersecurity and digital investigation specialists…

STORM Guidance, First Floor, 99 Bishopsgate, London, EC2MN 3XD | +44-203-693-7480 | contact@stormguidance.com 

© 2021 STORM Guidance Limited