What does a Cyber security test look like?


As an example of a security assessment methodology, you could follow this three-step approach.

STEP 1: Understanding Organisation Structure

  • Review the existing security measures being taken in the organisation to understand the overall security posture.
  • Identify who is tasked with these roles and responsibilities and who the other stakeholders are.
  • Identify the existing Information Security Policies and Procedures.

STEP 2: Gap Analysis

  • Understand the ISO 27001/NATA and compliance requirements and obtain feedback on the state of information security in the organisation in comparison to them.
  • Review policies, procedures and other documents against the ISO 27001/NATA and compliance requirements.
  • Based on the discussions and document reviews, identify the information security gaps with respect to the ISO 27001, NATA and APP requirements.

STEP 3: Reporting

  • Executive Summary: A brief version of the report should be provided to management and the board to highlight the security maturity of the organisation, the key findings and the roadmap.
  • Gap Analysis Report: A detailed report with findings against each domain of ISO 27001/NATA should be created. The security risks arising from the findings should be identified and rated according to the level of risk they pose to the organisation.
  • Recommendations: Projects and initiatives to remediate weaknesses and enhance the security posture of the organisation should be listed against each finding.
  • Roadmap: A prioritised list of projects and approaches, ordered for maximum effect on security, should be created. Easy wins should be identified to improve the security posture in the short term, while other items may require more time and effort to implement, depending on their criticality and the level of security risk.

Charlotte Walker

I'm the National Account Manager and CEO-in-waiting for Digital Engineering Corporation (DEC). We help business leaders and IT managers reduce their IT maintenance costs and achieve their business goals because our approach is pre-emptive, predictable and purposeful. As an entrepreneur myself, I know consistent and predictable network uptime contributes to a business's bottom line, brand recognition, and market reputation.