View
0
Download
0
Category
Preview:
Citation preview
Social Media Vulnerability Assessment
This exercise is ‘technical’ only in as far as the participants themselves are and is designed to
highlight the general cyber knowledge (or otherwise) within an organisation. The process will
highlight areas of weaknesses and threat where these may not have been previously imagined. It
comprises two elements:
• Cyber Audit: a number of one-on-one conversations with key figures from across the
organization, for discussion of their cyber practices, company policies and the comparative
strengths and weaknesses of these,
• Social Media Vulnerability Assessment: a review of the social media use and practices of a
number of employees, with a view to determining where these are open to threat.
The exercise will inform the key figures within the organization of the dangers that current cyber
practices invite, and determine where the leaks can be plugged to ensure a more holistic cyber-
security posture.
Who should participate in the Exercise?
For this exercise to work effectively it is necessary to engage with employees from across the
whole spectrum of the organization, from senior management to associates, and including
departments such as HR and IT. It is a key predication of the assessment that cyber-security relies
on buy-in at all levels of a company, rather than being left as ‘someone else’s problem’. Hence, it is
advisable that at least one individual at each department/level attend the interview strand, while
a few dozen names from across the entire company are passed over for the SMVA aspect.
Depending on the number of interviewees, it is estimated that a full day on-site will be needed to
conduct the Cyber Audit. The SMVA will be conducted off-site over a week prior to the day of the
Audit itself.
Duration
About the Exercise
Both the Audit and the SMVA will tackle a number of core areas essential to managing and
understanding the cyber-security risk as follows:
• Policies: IT, Social Media, Business Recovery
• Wi-Fi and network access and restrictions
• Passwords and encryption
• Personal use of the Internet while at work
• Social engineering
• Responses to Business continuity and crisis management
Benefits for the Individual
Both elements of this exercise will offer the company a sight of the ‘bigger picture’ of where it
stands with regards to cyber-security and crucially, the understanding that there are a wide
variety of threats that do not come at all from the traditional hacker routes – and many that do
not require outside hacking at all. For instance, the Cyber Audit might highlight that permitting
guests and employees alike to use corporate Wi-Fi exposes the company to whatever bad actors
may care to do to it (such as obtaining copies of all files and emails sent over this network) and
the Social Media Vulnerability Assessment may indicate that certain employees, due to the
quantity and personal nature of the information they post, are susceptible to social engineering.
Both the Audit and the SMVA will indicate where inherent policies and practices regarding all
things ‘cyber’ put an organization at risk; how employees can unwittingly contribute the most to
this; and how organisations can mitigate against these and improve their threat posture in both
the short- and long-terms.
Cumulatively this will provide the organization as a whole with a better understanding of the
nature of all the threats and how they can be countered.
Key Features
[0044] 207 451 1191
info@kcsgroup.com
www.kcsgroup.com
Contact us To find out more or to arrange a meeting to discuss your business needs, please contact us:
Recommended