ITC Cyber Assessment
ITC Cyber Assessment
The first step to cyber security is to understand where you are at risk
An ITC Cyber Assessment will provide you with a clear, comprehensive and independent understanding of the levels of risk you are carrying. We assess every aspect of your organisation – its technology, culture, governance and people – and take account of any relevant regulatory standards, to deliver straightforward and actionable findings.
Our advisors begin each review onsite, comprehensively testing technical architecture and engaging with staff at all levels.
Detailed information is gathered via face-to-face conversations, workshops and through detailed reviews of all relevant documentation. Post-visit, all findings are compiled into a single report suitable for both senior management and technical teams.
This will highlight the vulnerabilities you carry in each area of your organisation, provide practical recommendations and suggest cost-effective solutions.
Our report will include a management-level executive summary of the identified issues and their potential business impact and will be supplemented by a detailed technical appraisal.
This will help guide you in making any necessary improvements – including changes to governance structures and staff training – and will advise on the level of investment required.
10 steps to build a cyber safe culture:
- Identify your risk philosophy: Supported by the Board and a governance that empowers people to act, have a plan that all employees, contractors and suppliers are aware of your approach to risk and the standards expected.
- Secure configuration: Identifying the existing technology and how it is configured is a major step in securing your systems. It’s not about buying the latest widget, but more about making better use of what you have.
- Network security and your supply chain risk: The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. A careless employee, weak vendor or partner hugely increases your cyber risk and threat of a breach.
- Managing user privileges: Giving your people the right level of system privileges and data access is a key part of your cyber strategy. If users are provided with unnecessary system privileges or access rights, you raise the risk of misuse or compromise.
- User education and awareness: Your cyber defences are only as good as your people, does everyone know not to click on that link? Raising the cyber awareness of all your employees, getting governance right and building a security-conscious culture is critical.
- Incident management: All organisations will experience security incidents at some point. Being able to demonstrate a robust approach to cyber is one key compliance factor, but being able to respond quickly to the incident is how brand reputation, stakeholder confidence and business continuity will be best protected.
- Malware prevention: Malicious software, or malware is a huge threat, there are thousands of these vulnerabilities released every week. Your employees, partners and vendors are all exposed and all carry risk into your systems and services. Having a policy to deal with and manage the threat is a strategic “must do”.
- Monitoring: System and data monitoring are often required to comply with legal or regulatory requirements, however, good system monitoring can deliver prediction, detection and response capabilities to defend against actual or attempted attacks on your business.
- Removable media: Memory sticks, external disc drives, and other portable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.
- Home and mobile working: Mobile working and remote system access offer great benefit, it also exposes you to greater risk. You should train users on the secure use of their mobile devices in the environments they are likely to be working in.
These are the Do’s and Don’ts for a cyber assessment
- Ensure that the scope of the engagement is agreed before-hand
- Dedicate internal time and resource to the assessment
- Map the outcomes to business objectives
- Rely on one person to know all areas of the business
- Restrict yourself to a purely technical assessment
- Forget third parties!