Cynergy Cyber Security Services
Cyber Security Posture Review
A top-down review to ensure your business is resilient to cyber attacks.
The Cyber Security Posture Review (CSPR) helps an organisation understand its current maturity, identifying risks and providing recommendations. Mapped to the National Cyber Security Centre’s ‘10 Steps to Cyber Security’ guidance, it ensures your business operates an effective cyber security framework against the ever-evolving threat landscape.
Why you might need this service
Through a combination of face-to-face meetings, video chats and
employee questionnaires, we examine your organisation’s maturity
against each of these steps, identifying risks and providing contextualised
and actionable recommendations.
This approach ensures organisations have the foundations to
defend against cyber security risks and protect information relating
to customers, employees and business operations.
The Ten Steps
Risk Management Regime – Defining and communicating your Information Risk Management Regime is central to your organisation’s overall cyber security strategy.
Secure Configuration – Having an approach to identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems.
Home and Mobile Working – Mobile working and remote system access offer great business benefits but expose new risks that need to be managed.
Incident Management – All organisations will experience security incidents at some point.
First we work with you to understand your business services and assets, and how you interact with your customers and third parties.
Then we walk you through the ‘10 Steps to Cyber Security’, to ensure you understand the scope of each step, and are able to identify the appropriate stakeholders for initial interviews. At this time, we will agree the resources required to support the review.
Once the review of the resource and the stakeholder interviews are completed, we are able to assess your organisation’s capability against the 10 Steps. Your business’s maturity level will then be determined by referring to a Capability Maturity Model (CMM) based on an industry standard methodology, providing a maturity score between 0 and 5, where 0 is non-existent and 5 is optimised.
The findings are then formalised in a written report, which provides a CMM score and recommendations against the 10 Steps, and prioritises recommendations to fast-track your maturity.
Managing User Privileges – Giving users unnecessary system privileges or data access rights means that if the account is misused or compromised the impact will be more severe than it needs to be.
Monitoring – Good monitoring is essential in order to effectively respond to attacks and is often a key capability needed to comply with legal or regulatory requirements.
Network Security – By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding (or causing harm to your organisation).
Removable Media Controls – Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data.
User Education and Awareness – Users have a critical role to play in their organisation’s security and so it is important that security rules and the technology provided enable users to do their job as well as keep the organisation secure.