Deploying effective cyber security is one of the 21st century’s greatest challenges for business. In the digital age, executives and senior managers need to fully understand what cyber security is and how it affects them and their businesses. Businesses need guidance on the practical steps of incorporating good cyber security practices into their workplaces.
Developing a Cyber Security Road Map
We operate in a constantly changing environment in which zero-day attacks are a real threat to our organizations. There are many threat actors, with varying skill levels, that pose multiple threats. In this landscape, you must assess the cyber security risk and financially justify the steps taken to mitigate these threats. You need the support of the board and senior managers to deploy suitable defences within the skill set and knowledge base in your business. To do this we can examine your business via a four-step process:
Our dedicated cyber security team can assess the needs of your business and determine the most cost-effective way of securing your information whilst reducing your risk.
- Conducted via a high-level, 2-day evaluation combining on-site consulting with remote scanning and testing and an online survey system
- Examines Cyber Security from the standpoint of your individual business environment
- Utilises a risk assessment matrix that considers levels of cyber risk and any key legal, regulatory and contractual obligations that may exist
- Provides a report identifying your current Cyber Security position and providing a road map to mitigating your cyber risks
1. Gathering Information
Our Oxford Systems experts will engage with your business and meet with one or two of the appropriate senior managers to discuss and identify your major cyber risks. These interviews will take about two hours and will focus on:
- What are your key digital assets? i.e. the data, systems and infrastructure which are vital to your business
- What are the cyber risks to those assets?
- In your risk management process, what level of risk are you ready to accept?
- What are your business's key legal, regulatory and contractual obligations?
- What are your current planned mitigations of identified operational, cyber, legal, regulatory and contractual risks, including policies, roles and responsibilities, competencies, skills and the business objectives for Information Security management?
2. Auditing Your Current Planned Mitigations by Oxford Systems
- Review the effectiveness and completeness of the identified mitigations in the light of the gathered information
- Review your wireless network security implementation
- Conduct remote vulnerability scans of your business website and Internet connections
- Selected employees complete a brief online staff questionnaire to gauge employee understanding of relevant security requirements (Cyber Hygiene awareness)
3. Analysing Your Cyber Risk Exposure
Oxford Systems will then ascertain the gaps between your targeted risk mitigation position and your current situation, by using the audit information to review your:
People, Processes and Technology
4. Prioritise and Report
Oxford Systems will decide what must/can be done immediately to improve how your most critical risks are addressed.
A prioritised action list with a roadmap of recommendations and approximate investment is then developed. On the basis of the information collected and the action list, Oxford Systems will prepare their report, which in addition to the action list will provide a high-level cost-benefit analysis, including any appropriate longer-term initiatives towards deploying international best practice.