Performing Periodic Security Assessments

Project Name: Improve your business success

Cybersecurity breaches and attacks are a common occurrence for most businesses today, which means that most operating businesses are vulnerable to cyber-attacks and exposed to the risk of data breaches, hacking, phishing, and malware, among others. One of the first steps towards ensuring data security is acknowledging the threats posed by potential cyber-attacks and performing periodic security assessments to identify and address any weak points within your organization or business. These periodic assessments should also include regular review and updating of your business’ devices, operating systems and software. Even with the right cybersecurity enforcement measures in place, it is still necessary to conduct periodic assessments in order to identify potential penetration points.

When conducting your security assessments, it is imperative that you catalogue the business information assets used within your organization, such as your SaaS, IaaS and PaaS services and the IT infrastructure in use. Consider this checklist when conducting periodic security assessments for cybersecurity threats.

Checklist 1 – Performing Periodic Security Assessments

Part 1 – Assessing Risks
1 Identify data that requires maintaining integrity and confidentiality.
2 Determine the most vulnerable IT systems, networks and software.
3 Analyze financial risks that may occur from a breach.
4 Identify systems, software, and networks that are more crucial to your operations.
5 Put in place business continuity plans in case of an attack.
6 Determine which devices are at higher risk of data loss.
7 Identify personal data that requires anonymity.

Part 2 – Cataloging Information Assets
8 Evaluate the nature of information collected by your departments.
9 Analyze your data sources.
10 Analyze the data storage devices and databases.
11 Identify the vendors used in your departments.
12 Analyze vendor access.
13 Evaluate the authentication methods used for information access.
14 Analyze the networks that transmit information.
15 Assess the servers collecting, storing, and transmitting information.

Part 3 – Creating a Risk Management Team
16 Involve a compliance officer to ensure compliance with the NIST CSF.
17 Involve HR to gain insights on workers’ information.
18 Involve marketing to determine the type of data gathered.
19 Include senior management in the team to gather insights.
20 Involve a privacy officer in your team.

Part 4 – Analyzing Risks and Setting Controls
21 Assess the likelihood of a cyber-attack on the assets.
22 Assess the impact (financial, reputational and operational).

Notes:
• Check compliance with the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) and the Health Insurance Portability and Accountability Act (HIPAA).