Cyber Health Check
Mitigating cyber risks comprehensively
A truly robust cybersecurity regime is founded on a comprehensive cyber risk assessment programme to identify the gaps in an organization’s critical risk areas and to determine the right actions to close those gaps. If you are embarking on a cybersecurity improvement programme, a Cyber Health Check will help you identify your weakest security areas and recommend appropriate measures to mitigate your risks.
Why you need one
A Cyber Health Check is essential in establishing a solid foundation on which to build your security infrastructure. It includes vulnerability scans of critical infrastructure, IPs and websites/URLs, as well as an internal wireless scan.
A Cyber Health Check helps establish a secure infrastructure, so it is often a requirement of regulatory initiatives and compliance standards such as ISO 27001, the General Data Protection Regulation (GDPR), and others.
The NIS Directive
The NIS Directive on security of network and information systems requires operators of essential services (OES) and digital service providers (DSPs) to implement appropriate security measures to protect services that are essential to the national infrastructure, with a view to ensuring the continuity of those services.
The NIS Directive is aimed at bolstering cybersecurity across sectors that rely heavily on information and communications technology. Certain organizations operating in critical sectors are known as OES. The sectors affected by the NIS Directive are:
- Digital infrastructure
Due to the sensitive nature of these sectors, you will often find that the first requirement towards compliance with the NIS Directive is a Cyber Health Check.
Ask yourself these questions
- Does your board receive regular reports on the status of your company’s cybersecurity governance? If so, how often are the reports received?
- Have you identified your key information assets and thoroughly assessed their vulnerability to attack?
- Has responsibility for cyber risk been allocated appropriately? Is it on the risk register?
- Do you have an effective risk governance structure with which your risk tolerance and controls are aligned?
- Do you have appropriate information risk policies and adequate cyber insurance?
If you answered ‘no’ to any of the questions, you could suffer considerably from an attack, especially if you are a public sector organization or handle large volumes of personal data.
Review your cyber security posture
Our Cyber Health Check is an independent, high-level, three-phase analysis of your cyber security posture that combines on-site consultancy and audit, remote vulnerability assessments and an online staff survey. We will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.
What does a Cyber Health Check do?
A Cyber Health Check will provide you with an incisive and detailed report describing your current cyber risk status and critical exposures, and will draw on best practice – such as ISO 27001 – to provide recommendations for reducing your cyber and compliance risk.
The report provides feedback in the following four areas:
- Basic cyber hygiene
- Cyber governance framework
- Policies, procedures and technical controls
- Continuity, recovery and resilience
The difference between a Cyber Health Check and a Cyber Security Audit
A Cyber Security Audit is a one-day consultancy service offering a high-level cyber review of the organization and its IT estate. It identifies the threats, vulnerabilities and risks the organization faces, and the impact and likelihood of such risks materialising.
A Cyber Health Check, however, is more exhaustive in scope. In addition to the audit and the technical cybersecurity controls covered by the Cyber Security Audit service, a Cyber Health Check also conducts vulnerability scans of critical infrastructure, IP and website addresses, an internal wireless scan of router security settings, and an online staff questionnaire that identifies gaps between corporate cybersecurity policy and employees’ actual cybersecurity practices.
A Cyber Security Audit provides a snapshot, or an overview, of an organization's IT security posture at a particular moment. A Cyber Health Check, however, delves deeper and looks at the policies and procedures that have contributed to that IT security posture. In that sense, a Cyber Health Check is more concerned with the security processes that describe how people and technology interact, and with whether that interaction is contributing to or hampering overall cybersecurity.
Speak to an expert
IT Governance has more than 15 years’ experience helping organizations get their basic security hygiene right, working with boards and senior managers to identify and manage cyber risks in line with the organization’s risk appetite and commercial business drivers.