
Advancement through Cyber Resilience

Graphs

BUSINESS THREAT PROFILE

Data privacy: IMPACT HIGH
Compliance: IMPACT HIGH
Targeted attacks: IMPACT HIGH
Hacktivism: IMPACT HIGH
Human factor: IMPACT HIGH
Suppliers: IMPACT HIGH
Service disruption: IMPACT HIGH


CYBER RESILIENCE POSTURE

data privacy posture

Risk cards


Data Privacy

Depending on whether the organisation handles personal information, and on how sensitive that information is, the organisation has an obligation to protect it reasonably.

Privacy Program: Initial / Unassigned

targeted attacks

Targeted attacks usually focus on specific industries and pursue long-term goals, with motivations that include political gain, monetary profit, or theft of business data.

Cyber Threat Intelligence: Initial / Unassigned
Cryptographic Controls: Initial / Unassigned
Data Security: Initial / Unassigned
BYOD & Mobile Protection: Initial / Unassigned
Remote Connections: Initial / Unassigned

human factor

Human threats are a major contributing factor in malware and targeted attacks, with serious consequences for the organisations affected.

suppliers/partners

Depending on the type of data they can access or the kind of service they offer, suppliers can pose a significant risk to the organisation.

Human Resource: Initial / Unassigned
IS Awareness Training: Initial / Unassigned
Supplier Security Program: Initial / Unassigned

service disruption

Losing productivity or service offerings because of an attack by cybercriminals is a severe threat to any business.

compliance

Organisations handle data and information processing facilities in different ways, which can place several compliance burdens on the business.

Business Continuity: Initial / Unassigned
Incident Response: Initial / Unassigned
Physical Security Perimeter: Initial / Unassigned
Organisation of Information Security: Initial / Unassigned
Risk Management: Initial / Unassigned
Information Security Policy: Initial / Unassigned
Change Management: Initial / Unassigned
Secure Areas: Initial / Unassigned
Secure Backup: Initial / Unassigned
Sub-Policies & Procedures: Initial / Unassigned
Information Security Audit: Initial / Unassigned
Compliance Management: Initial / Unassigned

A severe threat to any business: attacks by cybercriminals for social, personal or politically motivated reasons.

Opportunistic attacks

CIS BASIC CONTROLS

CIS FOUNDATIONAL CONTROLS

CIS ORGANISATIONAL CONTROLS

Asset Management: Initial / Unassigned
Protection of Software Assets: Initial / Unassigned
Vulnerability & Patch Management: Initial / Unassigned
Privileged Accounts: Initial / Unassigned
Security Logs: Initial / Unassigned
Email Security: Initial / Unassigned
Anti-Malware: Initial / Unassigned
Network Security Segmentation: Initial / Unassigned
Secure Backup: Initial / Unassigned
Network Devices: Initial / Unassigned
Data Loss Prevention: Initial / Unassigned
Access Control: Initial / Unassigned
Wireless Security: Initial / Unassigned
User Access Review: Initial / Unassigned
Awareness Training: Initial / Unassigned
Security in Software Lifecycle: Initial / Unassigned
Incident Response: Initial / Unassigned
Security Testing Program: Initial / Unassigned

RISK (control effectiveness versus threat severity)

CONTROL EFFECTIVENESS   | THREAT SEVERITY: LOW | MEDIUM   | HIGH
0. NON-EXISTENT         | MODERATE             | HIGH     | CRITICAL
1. INITIAL              | MODERATE             | HIGH     | CRITICAL
2. REPEATABLE           | LOW                  | MODERATE | HIGH
3. DEFINED              | LOW                  | LOW      | MODERATE
4. MANAGED              | LOW                  | LOW      | LOW
5. OPTIMISED            | LOW                  | LOW      | LOW


compliance

Rating scale: Major Non-Conformity / Minor Non-Conformity / Conform

4. Context of the Organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement

APRA CPS 234

1. Roles & Responsibilities
2. Information Security Capability
3. Policy Framework
4. Information Identification & Classification
5. Implementation of Controls
6. Incident Management
7. Testing Control Effectiveness
8. Internal Audit
9. APRA Notification

Rating scale: Major Non-Compliance / Minor Non-Compliance / Comply

essential 8


CIS controls TOP 20

BASIC

1. Inventory and Control of Hardware Assets: Effectiveness Non-Existent
2. Inventory and Control of Software Assets: Effectiveness Non-Existent
3. Continuous Vulnerability Management: Effectiveness Non-Existent
4. Controlled Use of Administrative Privileges: Effectiveness Non-Existent
5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers: Effectiveness Non-Existent
6. Maintenance, Monitoring and Analysis of Audit Logs: Effectiveness Non-Existent

FOUNDATIONAL

7. Email and Web Browser Protections: Effectiveness Non-Existent
8. Malware Defenses: Effectiveness Non-Existent
9. Limitation and Control of Network Ports, Protocols and Services: Effectiveness Non-Existent
10. Data Recovery Capabilities: Effectiveness Non-Existent
11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches: Effectiveness Non-Existent
12. Boundary Defense: Effectiveness Non-Existent
13. Data Protection: Effectiveness Non-Existent
14. Controlled Access Based on the Need to Know: Effectiveness Non-Existent
15. Wireless Access Control: Effectiveness Non-Existent
16. Account Monitoring and Control: Effectiveness Non-Existent

ORGANISATIONAL

17. Implement a Security Awareness and Training Program: Effectiveness Non-Existent
18. Application Software Security: Effectiveness Non-Existent
19. Incident Response and Management: Effectiveness Non-Existent
20. Penetration Testing and Red Team Exercises: Effectiveness Non-Existent


Maturity scale:
5 - Optimised
4 - Managed
3 - Defined
2 - Repeatable
1 - Ad-hoc
0 - Non-Existent

Cyber Security Framework
