Cyber Risk Review
Understand your risks
The key functions of the Cyber Risk Review are to understand the cyber risks the organisation faces, both technically and culturally, build those risks into an actionable register, and provide strategies for ongoing risk mitigation and improvement.
Independent Cyber Risk Review / Audit: This is typically the first stage of CAP engagement for SME organisations. The service is designed to provide immediate insight into an organisation’s cyber weaknesses, both organisational and technical. Organisations that undertake these reviews are demonstrating that they treat cyber risk as one of the top business risks to their organisation and they are investigating the potential impacts and acting upon recommendations for risk mitigation. The review considers the following:
IT & IT security organisation structure
Cyber risk profile
IT security strategy
IT security management
Infrastructure & applications
Policies & processes including incident preparedness & response
Resiliency / survivability
Third-party service providers
User awareness
Remediation strategy
Cyber security and incident leadership
Meetings with key staff and providers will provide further detail for the assessment. A report will then be submitted and presented to the customer including an operational maturity assessment, cyber risk register, capabilities gap analysis and recommendations for improvement.
Service approach:
The cyber risk register approach simplifies the management and reporting of cyber risks and remediation strategies, ensuring that key leadership stakeholders are aware of the risks and the actions being taken. When a risk is addressed and a remediation plan is in place, this is reflected in the risk register and available at a glance for strategic purposes, should concerns be raised and/or an incident occur.
The Cyber Risk Review consists of the following components:
Information gathering
External host security & internal vulnerability assessment
Key stakeholder workshop(s)
Risk register preparation, review, and familiarisation session
Cyber security strategy development
Report preparation & submission
Deliverables
Cyber risk register
Cyber risk review report including cyber strategy
Risk register management and review report interpretation session
Cyber risk review presentation