What is Cyber3: Rapid Risk Review?
A unique and comprehensive cybersecurity risk assessment
Cyber3 is a 90 minute web call with a cyber security expert, that provides a straightforward understanding of exposures and cyber incident prevention.
Who should attend?
The appropriate department managers must attend the web call
We review three business functions; finance, data protection, and IT security.
Finance
-
IT Budgeting
-
Roles and Responsibilities
Data Protection
-
Policy
-
Compliance
-
Business Information Assets
IT Security
-
Cyber Security Systems & Processes
-
Cyber Incident Management Processes
Prior to the cybersecurity assessment
You are most welcome to provide us with any relevant documentation for review prior to the call
This would be completely optional and subject to review.
We would be happy to enter into a non-disclosure agreement in the protection of such information. Examples include: IT or Information Governance/Security Policies & Agreements 3rd Party Supplier Agreements Business Continuity/Disaster Recovery/Incident Response Plans
During the cybersecurity assessment
The assessment is made up of sections, consisting of easy to answer questions
Most questions offer simple - Yes, No, In Progress, Not Applicable - answers.
There is the option to defer up to 5 questions that cannot be answered for post-review completion, although this can delay the report
-
Section A - Introduction & business details
Gathering corporate and financial information including business size, revenue sources and IT & security budgets.
-
Section B - Your business information assets
Identifying the categories of business and personal data, numbers of record, data concentrations and access control.
-
Section C - IT operations and cyber security function
Understanding IT and security management including resourcing, extent of IT systems and IT services support, due diligence and contractual arrangements.
-
Section D - Your cyber risk assessment programme
Discussing internal and external cyber risk assessment arrangements including types and regularity of assessment, impact analysis and remediation.
-
Section E - Your information governance programme
Learning about the policies and procedures that you use to guide and mandate staff in the management of cyber risk and fraud prevention.
-
Section F - Your cyber security systems & processes
Determining those technologies and configurations used to detect and prevent unauthorised access to business data.
-
Section G - Your cyber incident management process
Understanding the approach your business would take to the management of a cybre incident, should it occur.
-
Section H - Historical information
Hearing about any past cyber security incidents and how you responded.