Cyberfit Insights Assessment
Cyberfit Insights Assessment is based on lead indicators that identify cyber risks within the organisation. The Insights Report is used by Executive and Directors to understand risk and prioritise further cyber risks and initiatives.
Discover information assets within the environment
Discover at-risk data on desktop and laptop devices (connected during discovery)
Foundational cybersecurity technical testing within the environment
Review cybersecurity related documentation including policies & procedures
Report on current cyber risk status across the eight primary cyber risk domains
Provide recommendations to mitigate identified cyber risks
Onsite / Virtual presentation of Executive Summary & recommendations
The scope of the Cyberfit Insights Assessment includes the following activities. Cybercraft automates the assessment through use of several security tools. The depth of these activities is time limited, based on the number of devices and scope of issues discovered.
Cyber Risk Assessment
Cyber Risk Assessment is the first step in providing a clear statement of cyber risk to the Board and the executive to determine risk appetite, and prioritisation of remediation and funding. To provide this Cyber risk Assessment provides a comprehensive review of the business management controls and capability in respect to cyber risk.
The assessment includes a combination of security testing, management interviews, reviews of policies and processes to determine the cyber risks to the organisation.
Cybercraft uses the globally recognised CIS Controls and NIST Cybersecurity Framework as the basis for evaluating controls in the Cyber Risk Assessments.
The Cyber Risk Assessment report is tailored to each Client and includes an Executive Summary that identifies and classifies key cyber risks by criticality so that clear actions for remediation can be determined and prioritised.
A tailored report provides a measured cyber risk maturity of the organisation combined with the business Cyber Risk Mitigation Capability, and provides a clear statement of cyber risk, supported by a comprehensive and rigorous testing process.