Best Practices for Conducting a Cyber Security Assessment


By Bill Minahan   |   September 27, 2021

Cyber security assessment best practices

Cyber security assessments are a key component of staying on top of your security. From vendor-risk management to basic security management, there can be a lot to cover and resources can stretch thin.

As a result, aNetworks, Inc. provides you with our top 4 cyber security assessment best practices.

Make sure you are using industry-standard assessment methodologies: CIS, NIST, etc.

Undertaking a cyber security assessment does not mean you have to reinvent the wheel. Thankfully, there are industry leaders who have spent the last two decades doing the heavy lifting for you. Through them, you can find industry-leading methodologies for conducting a cyber security assessment. Not only does this require less effort on your part when it comes to choosing a cyber security assessment provider, but it also ensures you are covering all your bases. If a security provider isn’t using industry standards and frameworks to conduct their assessments, in some cases it could be a red flag.

Check your vendors with a cyber security assessment

Once you have your own laundry in order, it’s best practice to check the laundry of your third-party vendors. Too often, a company that has its own security in check and regularly completes assessments still gets burned because of the poor security of the companies it partners with. From supply-chain attacks to phishing to CEO fraud, there are a plethora of avenues through which cyber criminals can reach you via your third-party vendors. In a perfect world, you would have your third-party vendors perform a cyber security assessment before you start working with them. However, later is better than never, and if the companies you work with do not take their security seriously, then sooner or later you may find yourself in a sticky situation. To read more about the risks of third-party vendors, see here.

Establish Acceptable Risk Thresholds

Establish acceptable risk thresholds for both your own company and your third-party vendors. Good security is expensive. Certain strains on resources may not allow you to do everything you need to do all at once. The same holds true for your third-party vendors. Good security is a marathon, not a sprint. Certain implementations can wait, while others should be done immediately. A good way to manage this tension is to prioritize and establish acceptable risk thresholds for both your company and your partners: address your biggest risks first and hold off on secondary risks until the time is right.

Go beyond cyber security snapshots

One of the drawbacks of cyber security assessments is that they only provide a picture of your security at a specific point in time. As you know, cyber security threats are constantly evolving. This means that even if you are satisfied with the results of your security assessment this week, you may not be a month from now. New threats emerge every day, and to maintain a strong security posture, we must evolve with the times. What keeps you safe one day could be exploited the next. As a result, it is best practice to schedule regular cyber security assessments to make sure you are always aware of your weak points and working to strengthen them.

Take a free 10 Minute NIST-based cyber security assessment

At aNetworks, Inc., we know the importance of assessments. To help, we’ve created a free cyber security assessment tool that provides a snapshot of your current security. We provide you with a rating: LOW, MEDIUM, or HIGH risk. Beyond a rating score, we also provide you with a list of your biggest risks and our recommendations. We let you know which risks you should prioritize first. Our assessment is NIST-based, a leading industry standard that is utilized around the world. Additionally, you can use this tool with your third-party vendors as a way to ensure they are safe, which in turn keeps you safe.


If you have any questions at all, please contact us. We’re happy to help.

If you are looking for more security information, then please check out our resource center.

Finally, you can always find us on Twitter, LinkedIn, and Facebook.

