Security Analytics

Procedures and systems are in place to collect, manage, analyze, and log events.

cybermetrIQs dashboard
  1. The network is monitored to detect potential cybersecurity events and the organization uses synchronized time sources from which all servers and network devices retrieve time information on a regular basis so that event timestamps are consistent.
  2. Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.
  3. On a regular basis, review logs to identify anomalies or abnormal events.
  4. Incident alert thresholds are established

Business Continuity Plan

The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information will inform a Business Continuity Plan.

cybermetrIQs dashboard
  1. Identify key business areas and establish priorities for critical services
  2. Define dependencies and critical functions for delivery of critical services
  3. Determine acceptable downtime and resilience requirements for each critical function
  4. Develop and periodically review a Business Continuity Plan
  5. cyberconIQ benefit is deeply embedded and reinforced

Cybersecurity Policy Frameworks

A cybersecurity policy framework to manage and monitor the organization are understood and inform the management of cybersecurity risk.

cybermetrIQs dashboard
  1. Perform a gap analysis of each regulatory requirement and driver that is applicable to determine where policy is needed.
  2. Establish cybersecurity roles and responsibilities
  3. Create and communicate an organizational cybersecurity policy
  4. Define a cybersecurity policy development lifecycle
  5. cyberconIQ benefit is deeply embedded and reinforced

Cyber Hygiene Practices

Procedures and systems that organizations employ to keep their systems healthy and secure. Such as, Anti-malware, Backups, Patching, Monitoring, Secure Configurations and Least Privilege

cybermetrIQs dashboard
  1. Utilize a centrally managed anti-malware software and clients are updated automatically
  2. Implement boundary defense that detects and prevents the flow of information transferring across networks of different security levels
  3. Establish secure configurations for hardware, software and network devices which enforce the principle of least privilege
  4. Deploy an automated operating system patch management tool

Data Loss Prevention Practices

Information and data are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information

cybermetrIQs dashboard
  1. Maintain an inventory of sensitive information
  2. Protect information through access control lists and access permissions/authorizations are managed, incorporating the principles of least privilege and separation of duties
  3. Segment the network based on sensitivity
  4. Implement protections against data leaks and enforce detailed logging for access or changes to sensitive data
  5. cyberconIQ benefit is deeply embedded and reinforced

Data Encryption Practices

The processes and tools used to mitigate the effects of exfiltrated data and ensure the privacy of sensitive information.

Vulnerability/Penetration Testing

Test the overall strength of an organization’s defense (the technology, the processes, and the people).

cybermetrIQs dashboard
  1. Perform automated vulnerability scans
  2. Establish incident alert thresholds
  3. Utilize a risk-rating process to assess vulnerabilities while continuously comparing back-to-back scans
  4. Establish a program for penetration tests that includes a full scope of blended attacks, such as wireless, client-based, and web application attacks

Incident Response Plan

Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.

cybermetrIQs dashboard
  1. Document an incident response policy with assigned job titles and duties
  2. Designate management personnel to support incident handling
  3. Devise an organization-wide standard for reporting an incident
  4. Conduct periodic incident scenarios
  5. cyberconIQ benefit is deeply embedded and reinforced