Advancement through Cyber Resilience



Data Privacy

Depending on whether the organisation interacts with personal information, and on its sensitivity, it has an obligation to reasonably protect this information.

Privacy Program

Initial

Unassigned

Targeted attacks

Usually target specific industries, pursuing long-term goals with motivations including political gain, monetary profit, or business data theft.


Cyber Threat Intelligence

Initial

Unassigned

Cryptographic Controls

Initial

Unassigned

Data Security

Initial

Unassigned

BYOD & Mobile Protection

Initial

Unassigned

Remote Connections

Initial

Unassigned

Human factor

Human threats are major contributing factors for malware and targeted attacks, leading to dramatic consequences for the organisations.

Suppliers/partners

Depending on the type of data that is accessible by them or the kind of service they offer, suppliers can pose a significant risk to the organisation.


Human Resource

Initial

Unassigned

IS Awareness Training

Initial

Unassigned

Supplier Security Program

Initial

Unassigned

Service disruption

A severe threat to any business: losing productivity or service offerings as a result of an attack by cybercriminals.

Compliance

Organisations behave differently towards data and information processing facilities, which could pose several compliance burdens to the business.


Business Continuity

Initial

Unassigned

Incident Response

Initial

Unassigned

Physical Security Perimeter

Initial

Unassigned

Organisation of Information Security

Initial

Unassigned

Risk Management

Initial

Unassigned

Information Security Policy

Initial

Unassigned

Change Management

Initial

Unassigned

Secure Areas

Initial

Unassigned

Secure Backup

Initial

Unassigned

Sub-Policies & Procedures

Initial

Unassigned

Information Security Audit

Initial

Unassigned

Compliance Management

Initial

Unassigned

Opportunistic attacks

A severe threat to any business, attacked by cybercriminals for social, personal or politically motivated reasons.

CIS BASIC CONTROLS

CIS FOUNDATIONAL CONTROLS

CIS ORGANISATIONAL CONTROLS

Asset Management

Initial

Unassigned

Protection of Software Assets

Initial

Unassigned

Vulnerability & Patch Management

Initial

Unassigned

Privileged Accounts

Initial

Unassigned

Security Logs

Initial

Unassigned

Email Security

Initial

Unassigned

Anti-Malware

Initial

Unassigned

Network Security Segmentation

Initial

Unassigned

Secure Backup

Initial

Unassigned

Network Devices

Initial

Unassigned

Data Loss Prevention

Initial

Unassigned

Access Control

Initial

Unassigned

Wireless Security

Initial

Unassigned

User Access Review

Initial

Unassigned

Awareness Training

Initial

Unassigned

Security in Software Lifecycle

Initial

Unassigned

Incident Response

Initial

Unassigned

Security Testing Program

Initial

Unassigned

RISK
THREAT SEVERITY: LOW, MEDIUM, HIGH
CONTROL EFFECTIVENESS: 0. NON-EXISTENT, 1. INITIAL, 2. REPEATABLE, 3. DEFINED, 4. MANAGED, 5. OPTIMISED
Risk ratings shown in the matrix: LOW, MODERATE, HIGH, CRITICAL

© 2021 Secure Forte Pty Ltd.

Version 2021.04.21
