Cyber Security Audit
Seric assist organisations to scope and properly contextualise their cyber risk.
Organisations are open to a wide and ever-increasing range of cyberattacks, and are often unaware of the full scope of their risks or of where best to start mitigating them. Boards too rarely afford IT and Cyber the oversight they would give to normal financial management.
Seric recognise this position and have a range of Cyber Audit and Cyber Assessment Services to assist organisations from Cyber Essentials through to a full deep dive around the Critical Controls.
The first premise of the Seric approach is to note that Security is a big topic: a topic bigger than IT. Security is physical, it is people; not just data and applications. Security is not a problem over which only the IT department should toil.
Seric’s approach to Security is to make a broad analysis of the current organisational risk and work with the organisation to help align the risk posture the business wishes to take and establish the gaps that need to be addressed by an appropriate combination of training, process change and technology.
Seric believe that benchmarking oneself is the first logical step for any organisation seeking to shore up their security risks and recommend a Holistic Approach.
A Holistic Approach
Our approach is in two parts: firstly, to assess the cyber security risk against an open security standard, and secondly, to measure data leakage from multiple perspectives by examining the levels of leakage internally, externally and where the endpoint meets shadow IT.
Seric’s approach to Governance, Risk & Compliance (GRC) is to report on the current risk position of the organisation as compared against a leading open standard measure in Security. This is coupled with a multi-layered DLP (Data Loss Prevention) assessment through our Listening Services:
Listening In - Assessing Servers and Network traffic
Listening Out - Assessing Information in the Public Domain and Dark Web
Listening Around - Assessing Demonstrable Compliance and Insider Threat
Prevention is ideal, but detection is a must. Organisations should prepare for when a breach occurs, since in all likelihood a breach will occur, or indeed may already have occurred. The risks presented by a leak need to be understood, and having a proactive view of such risks to the organisation will also have its advantages when the forthcoming GDPR legislation arrives. A breach missed internally can still be detected externally using such services, thereby giving organisations a head start on remediation, tactically as well as financially. Any such financial risk in this area is presented both in reputational brand damage and in the more direct financial impact of fines currently levied by organisations like the Information Commissioner’s Office in the UK.
Seric’s Services Approach
Seric services are delivered using our Seric Implementation Methodology (SIM) which is aligned to Prince2 best practice.
Seric services protect enterprises by increasing their risk understanding. Building a stronger understanding of the overall operational risks such as service risks, resource risks and technology risks into your business and IT processes, including your technology infrastructure, is critical in today’s environment.
There is exponential growth in data center transformation, virtualization, mobility, social business and attack sophistication. To address risk mitigation in this context, you need to be able to make fast business decisions surrounding your overall risk management health, and this can only be achieved in the context of a well-documented and clearly understood technology landscape.
Our dedicated team of experts is committed to understanding and meeting your business requirements.