No one is immune from cyber attacks.
Our Cybersecurity HealthCheck provides an efficient, cost-conscious way to evaluate the readiness of your IT security programs. It helps business leaders answer questions like, “Could we be hacked next?” and “Are we getting the best return on the money we spend on IT security?”.
To address these questions, we apply industry leading guidance from organizations like the National Institute of Standards and Technology, and the Center for Internet Security to your unique financial and operational environments.
Unsure if you need a HealthCheck, but worried your company could be at risk?
Take our Cybersecurity Confidence Quiz to find out!
After you take the quiz, you’ll receive your score along with a report of areas where you could be vulnerable to an attack. A consultant will also follow up with you personally to discuss your results.
The HealthCheck focuses on six key areas:
IT Management & Governance
- Ensure the goals and direction of IT align with business objectives
- Review policies, procedures, and staff training
- Evaluate thoroughness of security incident response processes
IT Operations & Monitoring
- Inadequate backups can lead to data loss
- Without proper business continuity and disaster recovery plans and testing, the organization may not respond adequately to events impacting business processes
- Effective event logging is critical to capturing information about events happening on systems
Network Architecture & Administration
- Poor network design, such as lack of segmentation, can lead to weaknesses in controlling access to sensitive data
- Non-existent or out of date diagrams can lead to issues with network assets or interconnections leaving the organization exposed to unknown risks
Physical Security & Environmental Controls
- Inadequate physical security can lead to theft or damage to the organization’s resources
- Inferior environmental controls can lead to damage to IT resources (e.g., overheating, fire, water leak, power outage)
System Configuration & Security
- System misconfigurations and weak user access administration can leave an organization more vulnerable to attack from external or internal entities as well as mistakes by employees
- Lack of encryption can expose sensitive data to third-party snooping or manipulation
- Poor system acquisition processes can lead to weak controls or increased risk exposure through third parties
- Insufficient system retirement controls can lead to unauthorized individuals accessing sensitive data (e.g., hard drive thrown in trash without being wiped/shredded
Ready to start a conversation?