Cyber Security Baseline – Human Gap Analysis
The Cyber Security Baseline enables you to know and measure your staff risk. The Baseline gives you an understanding of your staff's security behaviour, and of their strengths and weaknesses in cybersecurity awareness.
The Baseline report allows you to target your staff with exactly what they need most to mitigate the risks they may present. It also provides a basis to measure against, which gives your security awareness program the highest chance of success.
The Baseline incorporates staff behaviour (past, present and perceived), corporate and cultural impact on behaviour, internal and external influences, and the corporate maturity towards the Human Factor.
The Baseline addresses staff attitudes, behaviour, knowledge, and the corporate impact to:
- Know what your staff really understand about cybersecurity
- Know how they feel about your policies and corporate requirements
- Know what their actual behaviour tells you about how they may respond to a cyber-attack
- Ensure accurate and focused training, and avoid wasting time and resources training staff who already have great knowledge and behaviour in specific areas of cybersecurity
- Measure where you are now and measure the success of the program
- Show executives a significant “Return on Investment” from your program
- Report on and plan your program of work
Cyber Security Maturity Audit
To truly understand your organisational maturity, we have developed the “Cyber Security Maturity Audit”.
Layer 8 Security reviews your existing cybersecurity program to understand how prepared you are to deal with today’s most sophisticated attacks. This review includes examining your relevant internal documentation and then meeting with individuals within your organization who understand how your security works in practice. Together, you and Layer 8 Security develop a profile showing where your capabilities are strong, where you can improve, and how you can mature across six key cybersecurity areas.
This audit integrates the “Staff Cyber Security Baseline” (as described above) with the “Incident Response Audit”, the “Security Culture Audit” and the necessary controls.
This program allows you to fully understand and measure the maturity of your organisation in relation to Human Cyber Security, and what needs to be done to ensure that your human risk program will succeed.
Security Cultural Audit
You can advocate for as many security strategies as you want, but if your culture does not reward certain behaviours to ward off social engineering attacks, no amount of security technology thrown at the problem will work. To quote workplace guru Peter Drucker, “Culture eats strategy for breakfast.”
A complacent culture is the biggest obstacle to getting employees to respect security protocols and adhere to best practices. Changing cultural attitudes demands a top-down approach, yet even with management buy-in, it will still take a lot of effort and patience to guide employees to adopt safer behaviours and habits.
Improving security awareness starts with gaining a high-level understanding of what a security culture comprises. To help create a more security-minded workforce, let us look at seven key dimensions of culture and what you can do in each of these areas to enrich a culture that promotes security-mindfulness.
Corporate Threat Profile Audit
The impact that an organisation has on its staff, contractors and visitors plays a significant role in how those people respond to cyber and physical threats.
This program is a great way to identify any holes in your security posture, as well as any areas that may have an adverse impact on staff.
This audit is designed to identify and document the existence and status of a recommended basic set of cybersecurity controls (human, policies, standards, and procedures) for an organisation.
The audit encompasses the following areas of analysis:
- General and Physical Security
- Account and Authorisation Management
- Confidentiality of Data
- Disaster Recovery
- Security Awareness
- Behaviour and Culture
- Compliance and Audit
- Policies and Controls
3rd Party / Vendor Security Audit
3rd party vendor assurance is the process of analysing and controlling the risks associated with outsourcing to third-party vendors or service providers.
Unlike other standard 3rd party/vendor audits, Layer 8 Security assesses not only the technology and processes but also the greatest cause of security breaches in vendors: their staff, and the likelihood of them causing a breach to your organisation. We also assess the controls that they have in place to mitigate those risks.
Physical Cyber Security Audit
Physical cybersecurity focuses on the strategy, application, and preservation of countermeasures that can defend the physical resources of an organisation.
The primary threats to physical security include human failure or error, inadvertent acts, and deliberate acts of espionage or trespass, all of which affect the security of an organisation.
Physical security, and subsequently human cybersecurity, is often an afterthought when it comes to information security.
Organisations have the daunting task of trying to safeguard data, equipment, people, facilities, systems, and company assets. The organisation could face civil or criminal penalties for negligence if proper security controls are not in place.
The outcome of the physical cybersecurity audit encompasses the identified risks and mitigation strategies to reduce the overall physical cybersecurity risk incorporating the following four facets:
- Identification and classification of your assets and resources (what to protect)
- Identification of plausible threats (who to protect it from)
- Identification of plausible vulnerabilities (the likelihood)
- Identification of the expected impact if bad things happen (the consequences)
Incident Response Audit
Many organisations are extremely concerned about potential and actual cybersecurity attacks, both on their own organisations and on those connected to them. Dealing with cybersecurity incidents – particularly sophisticated cybersecurity attacks – can be a very difficult task, even for the most advanced organisations. Your organisation should therefore develop an appropriate cybersecurity incident response capability, which will enable you to adopt a systematic, structured approach to cybersecurity incident response.
Understanding the incident response plan ensures that in the event of a security breach, the right personnel and procedures are in place to deal effectively with a threat. How staff identify and respond to perceived incidents, the analysis and remediation procedure, and the possible reporting of a breach are all essential in building a strong incident response plan.
However, many organisations do not know their state of readiness to respond to a cybersecurity incident in a fast, effective manner. One of the best ways to determine this is to measure the maturity of your cybersecurity incident response capability in terms of people, process, technology and information, across the preparedness, response and follow-up activities.
Compromised Account Audit
The risk associated with compromised credentials lies not only in the threat of easily obtained, unauthorised entry into the organisation from the outside. The risk is magnified because compromised credentials upend many of the traditional risk mitigations that organisations typically use and rely upon for assurance.
Historical Incident & Response Analysis
Understanding how staff have previously behaved when presented with a security incident allows us to better understand their behavioural and attitudinal characteristics. This in turn becomes a critical component of the analysis of their behavioural patterns and their likelihood to re-offend.
Social Engineering
Social engineering ranges from phishing attacks, where victims are tricked into providing confidential information or downloading malware, to vishing attacks, where an urgent and official-sounding voice mail convinces victims to act quickly or suffer severe consequences, to physical tailgating attacks that rely on trust to gain physical access to a building.
Phishing – with accurate measurement (The PC-Ratio Theory)
A new phishing program that uses smart algorithms to accurately measure the success of your phishing program.
Security Awareness Training
Technology alone doesn’t provide your organisation with perfect protection from cyber-attacks. Built in Australia for Australian regulations and requirements, our security awareness training turns users into cyber heroes and cultivates a security mindset and culture that prioritises the protection of your organisation’s data.
Facilitated Learning and Games
Layer 8 Security has developed interactive courses and games, delivered by a facilitator who runs scheduled courses with your staff for any learning content. Evidence shows that this form of training increases the knowledge retention rate and ensures that staff actively participate in the training.
Security Workshops & Live Hacking Sessions
Layer 8 Security sessions highlight security and how criminals hack staff. These are interactive sessions designed to encourage full participation and learning.
Games and Team Building
Team building and games encourage your staff to participate actively in the learning experience and allow them to enjoy it. Knowledge retention increases from the 5% of traditional learning methods to 75% using these tools.
These activities improve knowledge retention, encourage active participation, build collaboration and teamwork, enhance cybersecurity knowledge and ultimately change behaviour. By participating in these games, your staff will not only enhance their knowledge, but they will have fun doing it as well.
Reinforcing the messages taught during the education phase increases staff knowledge retention and helps to encourage a culture of security.
Layer 8 Security has developed an advanced tool to ascertain not only the knowledge retained but also the depth of knowledge retained in each learning module undertaken.
Do not just create awareness, change behaviour, and measure the change.
For more information:
- Web: https://layer8securit2.wpengine.com
- Web: https://cyberescaperoom.com.au
- Email: [email protected]
- Phone: 1300 706 536