Do you understand your cyber risk?
Recent global cyber-attacks serve as a stern reminder for executives and their organizations to better understand their cyber risk. Complex IT infrastructures often lead to a lack of transparency in many organizations. How transparent is your cyber risk landscape?
10-point health check to evaluate your risk level
Cybeta has compiled a simple 10-point health check enabling executives to self-evaluate their exposure.
- Do you have every server and application configuration documented, and do you know if they change? Do you know who changes data and when? Is this auditable?
- Do you control external media devices like USB drives, CD/DVDs and external hard drives? If a computer plugs into your network or accesses your internal network via wireless, is it automatically granted access?
- How comprehensive is your overall asset inventory? Do you have a finite list of the hardware, software, and networking equipment for both managed and unmanaged assets?
- If a device needs to be removed from accessing your network, what are the process and controls for doing so, and how long does it take?
- How quickly can you determine where specific data is physically held and who the affected stakeholders would be should the configuration need to be changed in an incident response scenario?
- Do you have your critical intellectual property categorized and accessible within your environments? Do you know who is accessing it and when, and if changes are being made? Do you track data leaving your company?
- Are you certain that even an unsophisticated social engineering attack would not succeed?
- Are you confident that sensitive information or data is not for sale on the public market?
- Do you know who comprises your critical supplier/vendor community? Are they required to meet a prescribed security standard, with risk profiles actively managed?
- In the event of a compromise, do you have an active response plan? Is it cross-functional, and does it quickly predict the overall financial impact of the threat? Do you hold quarterly response drills?