Cyber Review Sample report

Similar documents
Manchester Metropolitan University Information Security Strategy

General Data Protection Regulation

Version 1/2018. GDPR Processor Security Controls

Data Protection and GDPR

Advent IM Ltd ISO/IEC 27001:2013 vs

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Canada Life Cyber Security Statement 2018

IT Governance Cyber Health Check. Sample report. Protect Comply Thrive

WELCOME ISO/IEC 27001:2017 Information Briefing

Information Security Controls Policy

WORKSHARE SECURITY OVERVIEW

This document provides a general overview of information security at Aegon UK for existing and prospective clients.

INFORMATION ASSET MANAGEMENT POLICY

Information Security Controls Policy

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

A practical guide to IT security

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

ISO & ISO & ISO Cloud Documentation Toolkit

Altius IT Policy Collection

General Data Protection Regulation

Security Awareness Training Courses

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

A company built on security

Asda. Privacy and Electronic Communications Regulations audit report

EU General Data Protection Regulation (GDPR) Achieving compliance

Protecting your data. EY s approach to data privacy and information security

Checklist: Credit Union Information Security and Privacy Policies

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Cybersecurity Auditing in an Unsecure World

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

Changing face of endpoint security

ISE North America Leadership Summit and Awards

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

INFORMATION SECURITY POLICY

Take Risks in Life, Not with Your Security

AUTHORITY FOR ELECTRICITY REGULATION

PS Mailing Services Ltd Data Protection Policy May 2018

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Just-Property Ltd GDPR Client Data Register

DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:

Business Continuity and Disaster Recovery

NEN The Education Network

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Information Handling and Classification Table

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

The Common Controls Framework BY ADOBE

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

RISING CYBER SECURITY CAPABILITY WITH A UNIQUE NETWORK OF TRUSTED PARTNERS. Jan De Blauwe Chairman Cyber Security Coalition Belgium

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Cyber Security Program

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Cloud Security Standards Supplier Survey. Version 1

Date Approved: Board of Directors on 7 July 2016

BHConsulting. Your trusted cybersecurity partner

Procedure: Bring your own device

Data Protection Policy

ADIENT VENDOR SECURITY STANDARD

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website, , call or write to us.

Mapping Cyber-Protections to Regulatory Requirements for Fintech

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

FDIC InTREx What Documentation Are You Expected to Have?

Internet of Things Toolkit for Small and Medium Businesses

Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No

GM Information Security Controls

ANATOMY OF AN ATTACK!

Education Network Security

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Corporate Information Security Policy

Oracle Data Cloud ( ODC ) Inbound Security Policies

IBM Security Guardium Analyzer

NYDFS Cybersecurity Regulations

INTERNATIONAL SOS. Information Security Policy. Version 2.00

Cybersecurity The Evolving Landscape

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

Security Principles for Stratos. Part no. 667/UE/31701/004

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

Certified Information Systems Auditor (CISA)

Cyber security tips and self-assessment for business

A guide to understanding the implications of GDPR on print and document management

Altius IT Policy Collection Compliance and Standards Matrix

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

SECURITY & PRIVACY DOCUMENTATION

An overview of mobile call recording for businesses

External Supplier Control Obligations. Cyber Security

IT Services IT LOGGING POLICY

Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

GDPR Update and ENISA guidelines

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Standard CIP Cyber Security Systems Security Management

Transcription:

IT Governance Cyber Review Sample report Protect Comply Thrive

Cyber Review Report Prepared for Evelyn Murphy, Chief Information Officer, Baratheon PLC HLCR Sample Report Copyright IT Governance Ltd 2017 Page 2 of 6

Table of Contents 1.0 Executive summary... 4 2.0 Cyber Assessment Summary Recommendations... 4 3.0 Conclusion... 6 HLCR Sample Report Copyright IT Governance Ltd 2017 Page 3 of 6

1.0 Executive summary IT Governance Ltd were invited to conduct a cyber review at Baratheon PLC (Baratheon) Manchester offices on the 18 th June 2017, with the purpose of assisting the management team in developing a strategy for managing cyber security. A summary of the recommendations made during the cyber security review are detailed in Section 2. The recommendations highlighted in red should be considered and implemented as a matter of priority and as soon as practically possible. 2.0 Cyber Assessment Summary Recommendations 2.1 Governance Recommendations Assign accountability and responsibility for security to an individual or individuals 2.2 Asset Recommendations Compile an asset register with sections for hardware, software, data, people, processes, intangibles and third parties etc Implement an information classification policy and labelling 2.3 Risk Management Recommendations Conduct a risk assessment at regular intervals the organisations assets and apply controls applied where applicable 2.4 Training and Awareness Recommendations Provide security awareness training to all staff on induction and communicate security updates at regular intervals 2.5 Policies and Procedure Recommendations Document security policies, procedures, internal processes and technical work instructions 2.6 Physical Security Recommendations Implement a clear desk and clear screen policy Secure unattended offices, server rooms and filing cabinets 2.7 Incident Management Recommendations Document an incident management process HLCR Sample Report Copyright IT Governance Ltd 2017 Page 4 of 6

2.8 Business Continuity Management Recommendations Test the business continuity plan or arrangements 2.9 Third Party Recommendations Carry out third party risk supplier risk assessments 2.10 Legal, Regulatory and Contractual Recommendations Prepare for the EU GDPR regulations 2.11 Secure configuration Implement a standard build and roll out across all devices 2.12 Network security Implement regular vulnerability scanning and monitoring e.g. SolarWinds, Nessus 2.13 Anti-Malware Document and implement a patching policy for all hardware and applications 2.14 User Access and User Privileges Document an access control policy 2.15 Mobile devices, mobile working and removable media Document a BYOD policy for internal and external users Enable remote wiping on mobile devices 2.16 Data storage Introduce a data retention policy Encrypt all data in storage and transit Introduce a data and device disposal policy 2.17 Development Avoid using live data for development testing Document the development process 2.18 Security Monitoring Introduce network and device monitoring Introduce an IDS (intrusion detection solution) HLCR Sample Report Copyright IT Governance Ltd 2017 Page 5 of 6

3.0 Conclusion The UK government s National Security Strategy acknowledges cyber threats as one of the four major risks to national security. Baratheon is in the process of developing a robust cyber security strategy to support its future requirements. 25 recommendations have been made following the high level cyber review. For further assistance please contact your IT Governance account manager. HLCR Sample Report Copyright IT Governance Ltd 2017 Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback