Cyber Risk Review


The key functions of the Cyber Risk Review are to understand the cyber risks the organisation faces, both technically and culturally, build those risks into an actionable register, and provide strategies for ongoing risk mitigation and improvement.


Independent Cyber Risk Review / Audit: This is typically the first stage of CAP engagement for SME organisations. The service is designed to provide immediate insight into an organisation’s cyber weaknesses, both organisational and technical. Organisations that undertake these reviews are demonstrating that they treat cyber risk as one of the top business risks to their organisation and they are investigating the potential impacts and acting upon recommendations for risk mitigation. The review considers the following:

  • IT & IT security organisation structure

  • Cyber risk profile

  • IT security strategy

  • IT security management Infrastructure & applications

  • Policies & processes including incident preparedness & response

  • Resiliency / survivability

  • 3rd party service providers

  • User awareness

  • Remediation strategy

  • Cyber security and incident leadership

Meetings with key staff and providers will provide further detail for the assessment. A report will then be submitted and presented to the customer including an operational maturity assessment, cyber risk register, capabilities gap analysis and recommendations for improvement.

Service approach:

The cyber risk register approach simplifies the management and reporting of cyber risks and remediation strategies, ensuring that key leadership stakeholders are aware of the risks and the actions that are being taken. When risks are addressed and a remediation plan is in place, this is reflected in the risk register and available at a glance for strategic purposes, should concerns be raised and/or an incident occur.

The Cyber Risk Review consists of the following components:

  • Information gathering

  • External host security & internal vulnerability assessment

  • Key stakeholder workshop/s

  • Risk register preparation, review, and familiarisation session

  • Cyber security strategy development

  • Report preparation & submission

Deliverables

  • Cyber risk register

  • Cyber risk review report including cyber strategy

  • Risk register management and review report interpretation session

  • Cyber risk review presentation
