Aug 13, 2015

How to determine my organization's cybersecurity risk profile?

What's the best way to review our risk profile and whether we are taking the necessary steps (and have the systems in place) to protect against current and future threats? By the way, I work at a mid-size company with about 5K employees, most of whom use mobile devices.
You need to create a baseline audit of all your hardware and software, on and off the network, including IoT. Dedicate resources to security hardening of both software and hardware. Use NIST, STIGs, FIPS, and CC. Use the right security tools and techniques for pen testing and for vulnerability and mitigation management assessments. Have a common-sense guide to mitigating insider threats. Provide training and access to research to educate your security staff and accountability teams. Create accountability teams consisting of HR, security, audit, legal, senior management, and selected trusted employees. Establish security policies and procedures for business alliances and third-party vendors, both U.S. and international.
There are quite a few helpful resources on the California Department of Technology website, including some statutory guidance (not sure whether that is needed in your particular situation) and assessment/audit checklists.