תקן אבטחת מידע
ISO 27001
Information security survey
A cyber risk survey is a process of identifying, analyzing and assessing risks. A cyber risk survey helps ensure that the cyber security control measures you have chosen are appropriate for the risks facing your organization.
As part of the survey, we will map the organization's assets and assess the level of risk and its effect on the type of information and its importance. After this comprehensive assessment, it will be possible to adapt the most effective solutions to protect the information vital to the organization.
The findings of the survey will be checked periodically for the purpose of reducing the risks and managing them on an ongoing basis.
Who is an information security survey intended for?
Information security survey is intended for any size of organization: small, medium and large. The frequency of the survey varies according to the type of organization and its size, and it can be once per quarter for a large high-tech organization and at the latest once every 18 months for a non-high-tech organization.
The steps of the process
1. Mapping and study with the work processes in the company.
2. Reviewing all the existing information security procedures in the organization, adapting them to the types of systems and technological infrastructures that exist and producing a gap report.
3. Examining the existing information security policy and identifying points for improvement and preservation and which advanced measures exist today in order to optimize the cyber security system.
4. Examining the existing databases in the organization and adapting them to the legal requirements relevant to the company (privacy protection regulations, ISO 27001, GDPR and more).
5. Examining the awareness of the human factor in the organization through an employee awareness survey. Familiarity with cyber risks and network threats will be a great improvement in the protection of corporate information.
6. Comprehensive testing of all endpoints and servers in the organization.
7. Production of a summary report containing all the survey data and the recommendations for implementation.