The Cybersecurity Risk Assessment (CRA) is an online Risk Assessment and Management software tool (implemented and facilitated by training and online support) that allows enterprises to regularly check whether their cybersecurity profile is prepared for and resilient to cyber-attacks. It is a continuous improvement tool which gives enterprises the opportunity to improve their systems based on an informed analysis of their risk level, allowing them to take action to mitigate those risks. The Cybersecurity Risk Assessment process is based on internationally recognised cybersecurity standards, including the Irish National Cybersecurity Centre (NCSC) 12 Steps to Cybersecurity framework, UK Cyber Essentials, USA National Cybersecurity Framework (NIST) and key parts of ISO 27001.
The programme consists of:
- 12-month licence to the online CRA system
- Initial workshop to understand core principles of Risk Assessment and how to use the CRA system
- Bi-weekly group online check-in sessions
- Final one-to-one online review session to complete the self-assessment
- Remainder of the 12-month licence period to manage, update and implement actions in the CRA system
The CRA System
The CRA is an online system which helps companies to manage, assess and address their cybersecurity risk profile across five areas:
This ensures you have a working information security policy, management of information assets, good employee cyber hygiene, effective user access management, provision of appropriate physical protection for information assets, and security education and training for staff.
Prevention (against cyber threats and attacks)
This includes Firewall protection, Anti-virus and Malware Protection, Patch Management, access controls, vulnerability management, protection at boundary access points, protection for individual devices, remote working and use of mobile devices.
Detection (of cybersecurity breaches, intrusions)
This includes allocation of duties and responsibilities to identify breaches, threat monitoring and effective processes to identify technical vulnerabilities of systems in a timely manner and ensure appropriate threat mitigation measures are taken.
Response (to incidents)
Procedures for the identification, reporting, investigation, recording and managing of cybersecurity breaches.
Recovery (business continuity)
Recovery procedures, plans, policies and processes in place and tested to ensure efficient and timely Business Continuity Management.
- Reassurance to customers and suppliers that you are taking steps to mitigate cybersecurity risks
- Document and track actions arising from reports generated by the system
- Maintain a register of cyber-incidents, near misses, etc.
- View your high-level cybersecurity risks and the status of outstanding actions in a simple online dashboard
Who should use it?
Suitable for owner-managers, technical staff, cybersecurity practitioners or consultants, or anyone with cybersecurity responsibilities.