Cyber Security Audits
How well does your organisation manage its cyber risk? Do you have a response plan for cyber incidents?
PlanB Consulting is here to help your organisation be prepared to respond to cyber incidents and manage your cyber risk.
“Thankfully, we now live in a world where it is accepted that data breaches happen and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach.”
Brian Honan in Computer Weekly
Cyber Gap Analysis
The SUNBURST hack in 2020 of the SolarWinds Orion Software showed that any organisation could be vulnerable to a cyber breach. The hack compromised 18,000 of the organisation’s systems’ including many USA Government organisations.
No matter how well prepared an organisation is, there is always a risk, so the key is to prepare your response as well.
Large organisations like Equifax, Marriot and Travelex have demonstrated the repercussions of a poor cyber incident response, and are good examples of how not to manage a data breach. Many of the mistakes they made in their response could have been avoided by training, preparation and exercising.
To avoid your organisation making the same mistakes, PlanB Consulting can audit your organisation and assess your level of preparation in managing cyber risk.
Our Gap Analysis
PlanB Consulting can carry out a full review of your level of preparation, maturity level if required and then produce a gap analysis which details the suggested work you should carry out.
PlanB Consulting can provide your organisation with a Cyber Gap Analysis covering the following 6 areas:
Does your organisation understand what you have to lose during a data breach? Have you had a comprehensive cyber risk assessment and audit carried out on your cyber risks and vulnerabilities?
Are there plans and playbooks in place for dealing with the different cyber incidents the organisation could face? Have recovery and disaster recovery plans been tested?
Do you have crisis communications plans and procedures in place for different types of cyber incidents?
Communications and Reputation Management
Do you have comprehensive communications plans in place for different types of cyber incidents?
Do you have relationships or contracts in place with appropriate third parties that could fill in-house knowledge gaps and provide expertise?
Exercises and Training
What is the level of cyber knowledge of those who would respond to a cyber incident and what training they have had? When were the plans last exercised and have cyber scenarios been exercised?.
Methodology for the gap analysis
The following are the stages of the gap analysis:
- Project kick-off meeting
- Document review
- Interviews with key organisation personnel
- Write up and agree on the report
- Deliver report
- Optional report presentation to senior managers
Report identifying the organisation cyber incident management gaps against best practice and recommendations for improvement.