Cyber Security Audit
Addressing cyber security
The three fundamental aspects of effective cyber security are people, processes and technology.
The problem with today’s corporate environment is that we tend to focus on technology. We believe it is the magic bullet for all ailments, but technology alone will not protect your critical assets.
In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Greater emphasis must be placed on user-awareness and educational programmes.
Security analysts must investigate how people and technology interact to determine possible threats. Detailing this process step by step can help bridge the gap between people and technology and expose vulnerabilities.
Fran Howarth, senior analyst at Bloor Research, states:
“Technology provides automated safeguards and processes to determine the series of actions to be taken to achieve a particular end. But even organizations with strong security practices are still vulnerable to human error. To stem errors made through social engineering, and to raise awareness of the potential caused by carelessness, technology and processes must be combined with employee education.”
Cyber Security Audit – what is it?
The IT Governance Cyber Security Audit is a one-day consultancy service offering a high-level cyber review of the organisation and its IT estate. It identifies the threats, vulnerabilities and risks the organisation faces, and the impact and likelihood of such risks materialising across these areas:
- Cyber risk governance
- Data security
- Risk management
- Training and awareness
- Legal, regulatory and contractual requirements
- Policies and information security management system
- Business continuity and incident management
- Technical security controls
- Physical security controls
- Third-party management
- Secure development
Based on the findings, IT Governance provides an insightful report that recommends measures to appropriately mitigate those risks.
Who is it designed for?
Our Cyber Security Audit is particularly valuable to organisations that have yet to document their risks, vulnerabilities and threat exposure.
It is also useful to organisations that have grown organically and implemented a suite of security controls but now find themselves overwhelmed by the threats they face due to the volume of communications they process on a daily basis. These communications can be anything from emails with videos, images, PDF or Office attachments to social media postings and hyperlinks using a variety of devices across multiple channels.
Why you need a Cyber Security Audit
New regulations such as the General Data Protection Regulation (GDPR) call for stiff penalties in case of a breach or hack resulting in lost personal data. One way to mitigate the consequences of a breach is to show that your organisation has followed government initiatives and taken the necessary steps to protect personal data to the extent possible.
A Cyber Security Audit sets you off on the right foot by providing the basic cyber security groundwork on which to build your IT stack.
A step towards international security standards and compliance
The Cyber Security Audit service is also a valuable precursor to compliance with the EU’s GDPR and standards such as ISO 27001:2013, Cyber Essentials and the 10 Steps to Cyber Security. The service can form part of your organisation’s best-practice policy by providing an annual external security review process, and assurance to your prospective clients, investors and the board.
Why choose IT Governance?
IT Governance specialises in providing IT governance, risk management and compliance solutions, with a special focus on cyber resilience, data protection, the GDPR, the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001 and cyber security.
IT Governance is also recognised under the following frameworks:
- UK government CCS-approved supplier of G Cloud 9 services
- CREST certified as ethical security testers
- Certified under Cyber Essentials Plus, the UK government-backed cyber security certification scheme
- Certified to ISO 27001:2013, the world’s most recognised cyber security standard
Speak to an expert
Let us help you get started with a Cyber Security Audit strategy to minimise the impact of a breach.