Cyber Governance Health Check

Nettitude will conduct an in-depth cyber governance review and audit of your company’s business and IT operations.

This work will deliver an investigation into all key cyber security areas as addressed by industry standards. Your data, where it is located and the threats against it will be reviewed. Your overall approach to cyber security and the level of understanding throughout the business will be measured.

Cyber Security Governance Health Check

Our methodology will include an analysis of the wider architecture, design, configuration and deployment of the underlying systems to ensure that security best practice is being followed. Assessments will be made through configuration assessments, interviews, documentation reviews and process observation.

Deliverables and Outcomes

Nettitude will debrief all findings to the board of directors, the executives responsible and the management team (as required). The results of the findings will be presented clearly along with recommendations, strategies and a roadmap for progress.

Achievable approaches with priorities and effort will be shown and discussed, along with the required technical documentation and project tasks.

You will be given everything needed to see your current cyber security posture clearly. The approach needed to improve will be provided, along with the governance structures and mechanisms to manage cyber security in the future.

How will it be conducted?

The health check will be conducted from two perspectives, as follows:

Part A: Cyber Governance and Risk Review

The cyber governance and risk review will be conducted in order to establish the data and assets you have, where they are located, the value they have to you and how they are managed. The review will ensure that the right oversight and protection are being enforced, managed and monitored within the company.

Advice and guidance on how this can be done within the culture and ethos of your industry and company is a large part of any changes, recommendations or guidance issued.

This review will be conducted through analysis and investigations into the following areas:

Risk assessment, process and review

Data location, ownership and retention

Data protection

Threat analysis (industry and location/technology specifics)

Governance structures, security programme reviews, security forums

Management of IT security operations

Incident response and event management

Testing programme and activities

Understanding what you are protecting, and why, is critical before you look at the controls and whether they are effective.

Part B: IT Security Review

The IT Security review will include all the relevant elements of the below:

Architecture and Network Design

Firewall Rulebase Review

Server Build and Configuration Review

Data Retention, Archiving Policy, etc

Encryption Protocols, Certificates, Secure Data Transmission over the internet.

Vulnerability Analysis and Patching Status (inc patching, AV etc)

Network Protection and Security Services (such as IPS, NTP, etc)

Email, Mobile Services and Proxy Service Configuration

User Devices (inc BYOD)

Authentication Mechanisms and Role Based Access Controls (RBAC)

3rd party involvement

Physical Hosting Status/Responsibilities

Activity Logging, Forensic Readiness

Procedures (inc Incident Response, Acceptable Use, User Training, Risk Reviews.)

Review any Internal Testing Events/Practices

Access to the relevant technical teams and administrators will be required. The configuration and design of the networks, applications and data flows will be actively looked at.
