2019
BUILDING A CYBERSECURITY RISK ASSESSMENT PLAN
INTRODUCTION
Businesses and organizations have learned to always be
prepared for a cyberattack – and rightly so. According to
Juniper’s CyberCrime and the Internet of Threats 2018
report, by 2023 U.S. companies and organizations will be
targets of more than 50% of all cyberattacks.
In short, any organization of any size can be the target
of a cyberattack, which is why companies need to
seriously address security concerns – before the next
attack occurs. Many organizations do this by building
dedicated cybersecurity teams, separate from traditional
IT staff. The cybersecurity team, typically led by a Chief
Information Security Officer (CISO), is responsible not
only for post-attack incident response but also for
creating and implementing all pre-attack security plans.
An essential part of any enterprise security plan is an
analysis of the organization’s current security status
and possible weaknesses. This analysis – called a
Cybersecurity Risk Assessment Plan – is crucial in
understanding how a company can improve its data
security and protect against future attacks.
WHAT IS A CYBERSECURITY RISK ASSESSMENT PLAN?
What can organizations do today to be better prepared
for an attack tomorrow? When it comes to IT security, it
all starts with a Cybersecurity Risk Assessment Plan.
they face. Companies use the results of this process to
inform the organization’s decision-makers and to prepare
appropriate preventive measures. First, a company
identifies the threats, and then it protects against them.
By conducting an exhaustive audit and identifying
potential threats, a company can significantly minimize
the risk of future security incidents and thus reduce long-
term costs. Staff and management will be more aware
of IT security weaknesses and thus more amenable to
budgeting and enacting necessary security measures.
More critically, developing this plan creates a corporate
mindset that recognizes cybersecurity risks and
encourages stronger data security.
BUILDING A CYBERSECURITY ANALYSIS AND RISK ASSESSMENT PLAN
In most organizations, the cybersecurity analysis
and risk assessment plan is the responsibility of the
cybersecurity team and CISO. If an organization does
not have a dedicated cybersecurity team, the plan may
be the responsibility of the IT department and CIO.
Some companies hire consultants to help them prepare
the plan.
DATA AUDIT
SECURITY ASSESSMENT
an organization’s security preparedness and includes
checking for vulnerabilities in IT systems and processes.
Hardware Assessment
This should be a detailed examination of the
company’s hardware infrastructure, including
network and data storage capabilities. Particular
attention should be paid to the age and condition
of key hardware, as well as the suitability of
current hardware for future needs.
Vulnerability Assessment
This is an evaluation of what parts of the company’s
IT infrastructure are most vulnerable to attack. It
involves identifying potential weaknesses in the
organization’s computer systems, network
infrastructure, software, and other key elements.
RISK EVALUATION
Once all potential risks have been identified, those risks
need to be prioritized. It’s important to know what risks
are most likely, as well as those that would have the
highest impact (financially or otherwise) on the company.
To this end, a type of cybersecurity risk matrix should be
created. This matrix should rank risks from most likely
and highest impact to least likely and lowest impact.
DISASTER RECOVERY PLAN
COMPLIANCE AUDIT
HOW CAN UNTANGLE HELP?
After an organization has conducted its internal audit
and risk assessment, what comes next? It’s all about
implementation.
PROTECT
FILTER
CONNECT
MANAGE
CONFIGURATION BACKUP
LET US HELP YOU
Improving your company’s cybersecurity doesn’t need to be
difficult. After you’ve assessed your security risks, consider
mitigating those risks with Untangle’s NG Firewall and
related dashboard, apps, and reports.
ABOUT US
Untangle is the most trusted name in solutions
specifically designed to help small-to-medium
businesses and distributed enterprises optimize
their networks while safeguarding their data
and devices. Untangle’s Network Security
Framework provides cloud-managed security
and connectivity options that work together
seamlessly to ensure protection, monitoring,
and control across the entire digital attack
surface from headquarters to the network edge.
Untangle’s award-winning products are trusted
by over 40,000 customers and protect millions of
people and their devices. Untangle is committed
to bringing open, innovative and interoperable
solutions to its customers through its rapidly
growing ecosystem of technology, managed
services, and distribution partners worldwide.
Untangle is headquartered in San Jose, California.
©2019 Untangle, Inc. All rights reserved. Untangle and the Untangle logo are registered marks or trademarks
of Untangle, Inc. All other company or product names are the property of their respective owners.