Cyber Review Sample report

Size: px

Start display at page:

Download "Cyber Review Sample report"

Blake Russell
6 years ago
Views:

1 IT Governance Cyber Review Sample report Protect Comply Thrive

2 Cyber Review Report Prepared for Evelyn Murphy, Chief Information Officer, Baratheon PLC HLCR Sample Report Copyright IT Governance Ltd 2017 Page 2 of 6

3 Table of Contents 1.0 Executive summary Cyber Assessment Summary Recommendations Conclusion... 6 HLCR Sample Report Copyright IT Governance Ltd 2017 Page 3 of 6

4 1.0 Executive summary IT Governance Ltd were invited to conduct a cyber review at Baratheon PLC (Baratheon) Manchester offices on the 18 th June 2017, with the purpose of assisting the management team in developing a strategy for managing cyber security. A summary of the recommendations made during the cyber security review are detailed in Section 2. The recommendations highlighted in red should be considered and implemented as a matter of priority and as soon as practically possible. 2.0 Cyber Assessment Summary Recommendations 2.1 Governance Recommendations Assign accountability and responsibility for security to an individual or individuals 2.2 Asset Recommendations Compile an asset register with sections for hardware, software, data, people, processes, intangibles and third parties etc Implement an information classification policy and labelling 2.3 Risk Management Recommendations Conduct a risk assessment at regular intervals the organisations assets and apply controls applied where applicable 2.4 Training and Awareness Recommendations Provide security awareness training to all staff on induction and communicate security updates at regular intervals 2.5 Policies and Procedure Recommendations Document security policies, procedures, internal processes and technical work instructions 2.6 Physical Security Recommendations Implement a clear desk and clear screen policy Secure unattended offices, server rooms and filing cabinets 2.7 Incident Management Recommendations Document an incident management process HLCR Sample Report Copyright IT Governance Ltd 2017 Page 4 of 6

5 2.8 Business Continuity Management Recommendations Test the business continuity plan or arrangements 2.9 Third Party Recommendations Carry out third party risk supplier risk assessments 2.10 Legal, Regulatory and Contractual Recommendations Prepare for the EU GDPR regulations 2.11 Secure configuration Implement a standard build and roll out across all devices 2.12 Network security Implement regular vulnerability scanning and monitoring e.g. SolarWinds, Nessus 2.13 Anti-Malware Document and implement a patching policy for all hardware and applications 2.14 User Access and User Privileges Document an access control policy 2.15 Mobile devices, mobile working and removable media Document a BYOD policy for internal and external users Enable remote wiping on mobile devices 2.16 Data storage Introduce a data retention policy Encrypt all data in storage and transit Introduce a data and device disposal policy 2.17 Development Avoid using live data for development testing Document the development process 2.18 Security Monitoring Introduce network and device monitoring Introduce an IDS (intrusion detection solution) HLCR Sample Report Copyright IT Governance Ltd 2017 Page 5 of 6

6 3.0 Conclusion The UK government s National Security Strategy acknowledges cyber threats as one of the four major risks to national security. Baratheon is in the process of developing a robust cyber security strategy to support its future requirements. 25 recommendations have been made following the high level cyber review. For further assistance please contact your IT Governance account manager. HLCR Sample Report Copyright IT Governance Ltd 2017 Page 6 of 6

Manchester Metropolitan University Information Security Strategy

Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History