By DeVry University
May 18, 2023
7 min read
To defend against cyberattacks and safeguard critical data systems, public and private-sector organizations of all sizes need to make cyber security a top priority. With a cyber security assessment, which is sometimes referred to as a cyber security risk assessment, organizations can get a clearer picture of their vulnerabilities and risk level in terms of data loss due to cyberattacks and the long-term effects of those vulnerabilities.
In this article, we will take a close look at why organizations should conduct assessments, who benefits from them and the different types of assessments that serve a range of cyber security objectives. We will also present a step-by-step guide to performing a cyber security assessment.
Safeguard against data breaches: Protection against security breaches and the data loss that could result from them is a primary reason to conduct a cyber security assessment. A data breach involving the compromise or loss of customer data, financial information or intellectual property can have devastating short- and long-term consequences, such as lost revenue and potentially irreparable damage to your organization’s brand.
Provide a template for future assessments: Since this type of assessment is not a one-and-done test, performing your first assessment lays the groundwork for a standardized, repeatable process that can be run on a regular basis, regardless of staff turnover or changes in operational processes.
Avoid application downtime: By reinforcing cyber security protocols and recruiting professionals with ample cyber security training, you can make sure customer-facing systems function normally and are available when customers need them.
Avoid regulatory issues: A theft of customer data may be judged to be the result of a failure to comply with regulations. One example is the set of rules and regulations required by the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Privacy Rule was enacted to create standards for keeping individuals’ health information private while still allowing that information to be shared between healthcare providers. Penalties for non-compliance with HIPAA’s Privacy Rule can range from $127 to $63,973 per violation.
Third-party risk assessment: This type of assessment is conducted to measure the level of risk that can come with third-party relationships, such as with vendors who have remote access to an organization’s data.
Social engineering assessment: Social engineering tactics are a common way malware and spyware are delivered, typically through email. The goal of this kind of assessment is to audit the level of cyber security awareness throughout an organization by attempting to covertly access data or a network through its employees. By evaluating their knowledge of cyber hygiene and their ability to spot social engineering attempts, a plan can be developed to improve cyber security education where it is needed.
Vulnerability assessment: These assessments are among the most frequently performed tests in the industry and are usually automated. Their function is to detect flaws within networks, code, data or applications. When vulnerabilities are found, security patches or updates are implemented.
Penetration testing: Often called ethical hacking, this assessment is used to test the weaknesses found in the vulnerability assessment. Using the same methods a malicious hacker would use to gain access to a data system, penetration testers scope out a company’s security structures and simulate an attack to identify where security needs to be strengthened.
Cloud security assessment: Essential for organizations using SaaS (Software as a Service), IaaS (Infrastructure as a Service) or PaaS (Platform as a Service), a cloud security assessment identifies risks and threats to cloud-based assets. It focuses on uncovering vulnerabilities in cloud infrastructure and neutralizing them using various access control management and governance measures.
How useful is this information to attackers or to our competitors?
If lost, could the information be recreated? How long would that take, and how much would it cost?
If information is encrypted, do you have a backup?
What are the potential financial or legal penalties associated with the loss or compromise of this information?
What impact would loss or compromise of the information have on our company’s daily operations?
What is the time required to bring devices and software back online? What does the potential business disruption look like?
What about long-term impact? What reputational damage could the loss or exposure cause?
Work with your stakeholders to create a complete list of all your important assets. This includes assets that produce revenue, as well as those that ensure data integrity to your users.
Data leaks, which could occur as the result of poor configuration of cloud services or weak security policies and authentication standards. This is where the loss of sensitive data, such as customers’ personal information, could lead to a devastating loss of customer trust, revenue and reputation.
Insider threats, such as the misuse of information by authorized members of your team, can also have devastating effects such as financial or reputational damage, regardless of whether the misuse was intentional or accidental.
Service disruptions caused by a cyberattack could have sudden and two-fold consequences, resulting in a loss of revenue and potentially motivating your customers to take their business elsewhere.