A cyber security review provides an independent and in-depth assessment of the ability of an organisation to protect its information assets from the impact of cyber threats. The cyber security review aims to establish and validate the effectiveness of cyber security measures. It also identifies vulnerabilities in an IT system and matches them to potential internal and external cyber threats.
How secure is your organisation?
An initial cyber security review identifies the current cyber security risk ‘posture’ and defines the baseline for improvement in the future. Cyber risks are identified, and security measures (controls) are applied to mitigate the risks consistent with the objectives of the organisation. Subsequent reviews are performed at intervals to ensure that all of the security measures are performing as required. Cyber security reviews are essential to the effective management of cyber security and underpin compliance with the ISO 27001, PCI DSS and Cyber Essentials Plus standards.
An experienced cyber security consultant will perform a comprehensive audit of the cyber security measures implemented in the organisation. This audit will involve on-site visits and remote access where required. Interviews with senior managers may be conducted to adequately identify and validate the relationship between the people, process and technology controls being used. A comprehensive written audit report will be delivered which documents the status of each security measure and indicates the level of cyber risk in the context of the vulnerability, threat and potential impact. The report will identify actions and recommendations that can be taken to minimise cyber risks.
The Cyber Security Review consists of a comprehensive audit of the existing security controls implemented in an organisation. It is performed by an experienced cyber security consultant who will identify each security control and compare it to the requirements specified in the CIS Controls V7. Each Control Domain and Sub Control is given a maturity rating of between 1 and 5. This is based on a Cyber Security Maturity Model in which Level 1 is Initial (Lack of control in place), and Level 5 is Optimised (Advanced defensive capability). At all stages, the review endeavours to assess the effectiveness of each control and identify any potential deficiency with respect to its related technology, people, policies and processes. We will then prepare a comprehensive report that includes an Executive Summary of the key findings, the complete audit results and our recommendations for improving cyber security in the future.
CIS Controls V7 benchmarking
Wizard Cyber uses the Center for Internet Security (CIS) Controls to provide a benchmark for a quantitative and comparable measure of cyber security risk. The twenty CIS Controls V7 are compiled from the contributions of over 300 global cyber security professionals in academia, industry and government organisations. They are also internationally recognised by the UK National Cyber Security Centre. We will also perform an external and internal vulnerability scan, which is designed to identify and classify technical weaknesses in an IT system.