Who should use this standard assessment
Good cybersecurity is no longer optional, given the increasing threats of cyber-terrorism, malware, and data theft. Moreover, substantial fines and loss of business are commonplace realities for non-compliant businesses. It can also be complicated and expensive for small companies to try to understand, plan and implement improvements themselves, or to do so by hiring consultants.
Organisations that wish to identify weaknesses in their cybersecurity, check their GDPR compliance, and potentially apply for Cyber Essentials can use this Standard self-assessment within Rizikon Assurance. It helps the organisation understand the highest cyber risks it faces, as well as its obligations under GDPR, all while keeping costs low and taking up a minimal amount of time.
How this Standard Assessment was developed
This standard assessment analyses your organisation's cyber risk using our Direct Attack Path Analysis (DAPA) algorithm, which was developed in conjunction with research from the Centre for Cyber and Security Sciences at City University, London.
Where the question set provides detailed breakdowns of each section of GDPR, the information and scoring were derived from information provided directly by the Information Commissioner’s Office. Content captured for Cyber Essentials is based directly on the questions and scoring used for that accreditation process.
Questions, sections and scoring
The “Rizikon Standard” Assessment consists of 11 sections. These cover the basic ground of Cyber Essentials, such as Anti-Malware and Intrusion Detection, and also include sections on GDPR, for compliance reporting, and on topics such as Employee Security, for DAPA. The assessment is designed to be as simple as possible, typically taking less than 30 minutes to complete and giving instantaneous results.
Each section of the report will have different scoring applied to it. Rizikon provides an overall cyber risk rating, based on a scale from C to AAA (similar to financial risk). The DAPA algorithm provides a percentage score for each possible attack vector, with a higher score being more secure. The report also lists recommended actions, with each action categorised as High, Medium or Low. These recommendations are also presented for each attack vector individually. The section on Cyber Essentials will outline current Fails, Major Non-Compliances and Minor Advisory notes.