The first step an organization takes when evaluating its Cyber Risk is to have a Risk Assessment. PG360 has an in-built Risk Assessment.
The Risk Assessment is based on the National Institute of Standards and Technology recommendations commonly known as NIST guidelines.
The prologue from the “Guide for Conducting Risk Assessments” is a reminder that not only companies but each of their employees and other stakeholders are not only responsible but also accountable in ensuring that the organizational cyber protection is implemented and maintained.
Prologue
“… Through the process of risk management, leaders must consider the risk to U.S. interests from adversaries using cyberspace to their advantage and from our own efforts to employ the global nature of cyberspace to achieve objectives in military, intelligence, and business operations…”
“… For operational plans development, the combination of threats, vulnerabilities, and impacts must be evaluated in order to identify important trends and decide where effort should be applied to eliminate or reduce threat capabilities; eliminate or reduce vulnerabilities; and assess, coordinate, and deconflict all cyberspace operations…”
“… Leaders at all levels are accountable for ensuring readiness and security to the same degree as in any other domain…”
–THE NATIONAL STRATEGY FOR CYBERSPACE OPERATIONS OFFICE OF THE CHAIRMAN, JOINT CHIEFS OF STAFF, U.S.DEPARTMENT OF DEFENSE
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
The PG360 Risk Assessment is a comprehensive Risk Assessment that provides companies with a complete Risk Assessment thus allowing the company an opportunity to evaluate its current state of cyber readiness. Knowing the current state is important. Knowing what to do is even more important.
And that is provided by a comprehensive work plan. The work plan allows the company to know exactly what to do, how to do and to track the actions until the risk assessment findings have been completed and the organization can be comfortable that they have taken the necessary precautions to protect themselves from a cyber-attack.