4
oneneck.com
Step 1. Assess and address
cyber risks.
Although cyberattacks and data breaches are on the rise, many
businesses tend to dramatically underestimate their risk. But any
effective security strategy has to start with acknowledging the inherent
risk, then setting forth to understand, document and mitigate existing
vulnerabilities.
A security assessment is the first step to successful risk mitigation by
evaluating your current security posture, identifying potential risks and
vulnerabilities, and providing the basis for a holistic incident-response
plan.
While there are many types of security assessments, ideally they
should include:
Assess with Proven Frameworks: A cybersecurity framework
provides a common language and set of standards for security
teams to assess their security posture and shine light on the gaps
that must be addressed. Common frameworks include NIST, ISO,
SOC2, HIPAA, GDPR, FISMA and CIS Controls. The applicability
of frameworks is dependent upon your organization's unique
environment and your business goals. But they're a practical
foundation for building a risk management program, as well as for
on-going security strategy.
Good Cyber Hygiene: Maintaining a consistent hygiene routine
is the foundation of a healthy lifestyle, and likewise, routine cyber
hygiene is the foundation of a strong cyber defense. There are
three areas cyber hygiene must address: people, processes and
technology.
▪ People: It's the people that present the greatest risk, and
your organization's people must be protected with device
safeguards and policies. This includes anti-virus, BYOD policies
03
4
oneneck.com
