Cyber Expedite – Insight Series

Insight Series is a collection of exclusive security-related content by industry experts and organisations to keep you informed of current best practices.

Eoin Keary CEO & Founder

Eoin is a veteran of the cyber security industry with 20 years of software development and security experience. Eoin previously held the Global Vice Chair position at the OWASP foundation, and led development of the OWASP Testing and Code Review Guides. Eoin also led an EMEA penetration testing team, leading global enterprise cyber security engagements with a big 4 consultancy for 5 years prior to founding BCC Risk Advisory Ltd and Edgescan in 2011. Eoin was named OWASP Person of the year for 2015 and 2016 for contributions to the industry, and awarded the Tech Excellence Rising Star Award in 2015.

Recommended Cyber Expedite Workflow.

Vulnerability management is one of the most important controls any organisation can implement; it gives you an understanding of your exposure to cyber-attack. Ideally, any organisation should complete regular assessments and have real-time intelligence on any new vulnerabilities within its systems.


We expand on the 12 Steps to Cyber Security from the NCSC with insight provided by industry leaders.


Step 1 – Establish governance and organisation


How do you start a program like this?

When creating a formal or informal organizational system for decision-making and project management (governance) you need to identify the stakeholders. Stakeholders might include: CMOs, CIOs, third-party vendors etc. It’s also important to educate members on the basics of corporate governance. Having employees understand the what and why behind governance will make the transition easier.

What is the best way to align business objectives to the cyber security strategy?

It’s more the alignment of security to business objectives? Security supports the business; it’s a means to an end.

In your experience, what is the most effective way to drive senior stakeholder support?

Demonstrate risks, potential damage, benefits and efficiencies of running a structured cyber governance programme.

Where do you start on defining key roles and responsibilities?

It’s important to assign the right people to the right spot. Clear, defined roles will lead to less confusion when the model is rolled out.

Choose members from different departments and make sure to include experienced IT staff in each. Executive sponsors and the project management office will play a critical role by explaining the benefits of the new governance model.

Who are the key shareholders to participate in Cyber Risk Management Forums/Groups?

Business owners, CIOs, board members, IT executives, project managers.

Where do you start in defining your cyber risks? What is the best way to record them and monitor progress?

Establish an asset register of important systems and data. Understand how they are used. Understand what the impact of disruption or data breach would be for the business per system and prioritise as such. Understand GDPR requirements and how they apply to you and your clients’ data that you hold.

Would you recommend any risk management frameworks to match financial/operational or reputational impacts to the risks captured?

ISO 27001 or SOC2 would be a good place to start.

What is the easiest, most effective way to document policies or standards and how do you ensure they are relevant to your organisation?

Adopting an approach similar to ISO 27001 is one example. Having a list of controls and associated actions and measures in place, similar to a Statement of Applicability (SoA), would be a good start.

What are the key KPIs (Key Performance Indicators) at this early stage that can add value?

Inventories of systems and data being established and maintained. Regular audits of access control, vulnerability management and attack surface visibility. Monitoring time to remediation and maintaining a risk register would also help keep track of a cyber governance process.

With cyber-attacks ever evolving, what tactical measures should any company take right now?

Assess access control measures for critical systems and client-facing solutions. Perform regular vulnerability management, patching and maintenance across all public Internet-facing and remote access systems.

How are Edgescan helping organisations protect and manage Cyber risk?

Edgescan delivers continuous risk-based vulnerability assessment, risk prioritisation and support to help our clients ensure they are operating in a robust and resilient environment.

Please note: A nominal fee is required to complete the scoping exercise through our platform. The customer fee will be refunded in 14 days once the featured provider is engaged. You may choose any one of our Cyber Builds (Scoping Workflows) to qualify for a refund.

Please note: You can bypass the regular payment by using our chatbot and requesting a free voucher. This will allow you to scope and connect to the featured service provider for free!