What is the ACT CyberSecurity System?
The ACT Strategic CyberSecurity System is a standards-based system to show you what you need to do to create the most effective cybersecurity program possible.
Prepared by a senior security engineer from Atlanta Cloud Tech, the CyberSecurity System shows you the specific steps you need to follow to clean up your business security vulnerabilities. The CyberSecurity System initial diagnostic report will take from three to five weeks to prepare. We use the Payment Card Industry Digital Security Standard (PCI DSS) as a basis for the system, and this means our report will make sense to any PCI expert. If you are required to use a 3rd-party QSA company for annual PCI assessment, the diagnostic report will reduce the amount of time and money the assessment takes. The PCI DSS standards Documents reside at the PCI Security Standards Council’s website. https://www.pcisecuritystandards.org/
Questions the ACT CyberSecurity System diagnostic report will answer:
- Are we spending the right amount on cybersecurity?
- Some companies have a good idea what their vulnerabilities are, but just don’t take them seriously enough.
- Some companies spend too much because they lack the skills to balance their risks against their security ROI.
- Are we spending that money in the right places?
- Building a wall will not stop birds from coming into your orchard and eating the low-hanging fruit.
- Putting a mesh enclosure over the entire orchard will not stop a flash flood from tearing down half your trees.
- Are we prepared in the event of a disaster?
- Do we have a disaster recovery plan in place, and how often do we test the plan?
- How sure are we that our backups are recoverable, and how long will we be down?
- How long is it going to take to discover we have a problem?
- Is there a plan for business continuity?
- Have we designated key employees, and do we have a succession plan in the event that one of these can no longer act in that capacity?
- Do we have a backup site to work from if our main location is taken offline?
- Do we have the proper insurance coverages?
- Do we have an asset management plan?
- Assets that are unknown or forgotten within the company can be lost or left running with no useful business purpose, wasting money.
- Assets become obsolescent and get more vulnerable with age. Do we have a policy for hardware and software lifecycle?
- Are our business practices and procedures up to date?
- Business procedures and processes need change as the environment changes, with new opportunities, M&A, and changes in the legal landscape.
- The best practice is to maintain annual reviews, and make changes supported by standards and procedures.