What’s Included in the Cyber Security Assessment?
That’s a great question and one we’re often asked. Not only will we check several important areas, but we’ll also conduct audits within each focus area to see if the right procedures are in place to implement the best possible security.
So, whether you call it a cyber security audit, vulnerability assessment, cyber threat assessment, or data security assessment, you can expect this comprehensive service from PC Professional to include attention to all the following areas:
- Define the roles and responsibilities of each team member from top to bottom.
- Assign accountability to ensure cyber security procedures are followed through.
Software & Hardware Updates
- Ensure all the latest security patches and firmware are in place and updated.
- Consistently monitor updates by creating a schedule or subscribing to vendor notifications.
Updates of Antivirus & Malware Programs
- Ensure your antivirus and malware subscriptions are up-to-date and the updates are downloaded automatically.
- Have a strong password policy for all employees
- Employ multi-factor authentication.
- Ensure all employees only have access to only the information necessary to perform their job.
Sensitive Data Encryption
- Employ data encryption for stored data and transmitted data.
- Manage encryption keys with strong access controls and regularly rotate and update the keys.
Network Activity Monitoring & Logging
- Ensure that you store log data securely to support future analysis and reporting requirements if an incident transpires.
- Find the best type of firewall for your business’s specific infrastructure and needs.
- Define the rules and policies of the firewall to determine what traffic will be blocked.
- Monitor and update the firewall.
- Select a remote access solution including, but not limited to, Virtual Private Networks (VPNs), multi-factor authentication, and zero-trust security models.
Minimized Administrative Access
- Segment users based on their roles and use these segments to restrict certain users from administrative access to computers, networks, and applications.
Incident Response Plan, to Include…
- Preparation – Ready an incident response team.
- Identification – Implement detection tools to identify a breach quickly.
- Containment – How will you isolate the affected systems or data?
- Eradication – Cleaning up malware, applying patches, and rebuilding.
- Recovery – Establish a process for restoring systems and data.
- Lessons Learned – Identify the vulnerability that allowed the breach.
- Ensure your data is being backed up regularly.
- Test your backups to ensure the data stored is complete and accurate.
- Segment backups from the network.
Employee Awareness Training
- Educate your employees on the latest trends with cyber security.
- Inform employees about how to recognize risks, respond appropriately to incidents, and how they can contribute to security awareness and safety.
Third-Party Vendor Security
- Establish clear cyber security expectations and obligations.
- Ensure the vendor develops a coordinated incident response plan.
- Implement security requirements for all contractors, cloud applications, and software licensing.
Data Classification System
- Identify data categories: Public, internal, confidential, and highly confidential information.
- Establish criteria: Determine characteristics for the data in each category.
- Assign ownership: Designate data owners to be responsible for classifying and managing data within their purview.
- Develop guidelines: Create guidelines on the handling, storage, and sharing for each category.
- Implement security controls: Apply appropriate security controls to protect each data category.
- Educate your team on the classification system.
Intrusion Detection & Prevention Systems
- Choose the right IDS/IPS configuration for your company to monitor and block malicious traffic.
- Establish and enforce a no-nonsense organizational policy around the use of mobile devices.
- Implement email filtering solutions.
- Use email encryption.
Documentation of All Network Areas
- Implement an encrypted and secure password logging strategy.
- Document information from all software vendors.
- Log data of remote user access.
- Invest in financial protection in case of losses and damages caused by cyber-attack.
Regular Cyber Security Audits & Assessments
- Schedule periodic evaluations to ensure your security programs are effective and up-to-date.
- Perform regular security and vulnerability scans.
- Identify weaknesses and develop an action plan to address them.
Does this assessment sound like a solution that could make your business’s data more secure and help you sleep at night?
Schedule a no-cost consultation to gather more information about the Cyber Security Assessment and how learn more about how an IT security health check can reduce your chance of falling victim to cybercrime.