In 2017, there were more than 1,800 publicly disclosed data breaches at public entities in the US. These breaches accounted for more than 361 million compromised records, with the average number of records lost coming in at more than 100,000.
The types of entities most often targeted were:
- 16% justice/public safety (i.e. courts and law enforcement agencies)
- 14% cities
- 11% counties
- 31% state level government
- 25% federal level government
The Security Health Check, offered through YourCISO and free to members purchasing cyber coverage, can help members assess their controls against threats like hacking (in sections like Asset Management, Operations Security, Access Control, and Systems Maintenance); insider fraud (in sections like Human Resources Security and Access Control); and accidental exposure (in sections like Operations Security, Suppliers, and Systems Maintenance) and provide ideas on how to improve.
For many, just beginning the Cyber Security Health Check process can provide food for thought on how the organization may fare against a cyber attack.
The assessment looks at the organization from these general areas:
- Security Program
- Risk Assessment
- Asset Management
- Human Resources Security
- Physical Security
- Operations Security
- Access Control
- Systems Maintenance
- Incident Management
- Business Continuity Management
The goal of the health check is to provide a benchmark of where current practices stand and help leadership set priorities for where they want to improve.
Continuing to build upon the Health Check will allow members to improve their score, thereby increasing their overall security, as well as assist with setting near-term security improvement goals.
By signing up for YourCISO, members gain access not only to the security health check but also to high-quality information security resources and consulting services.
All services are fulfilled by experienced security professionals whose objective is to assist organizations with the planning and management of their information security and risk management program, to provide security awareness training, to respond to security incidents, and to teach organizations how to become security self-sufficient.