About Us

DataForeSight's Cyber Information Risk Audit and Assessment

DataForeSight's Cyber Risk Audit and Assessment focuses on data management practices-- including email--at the subject area, information group and system level. The audit integrates information assets and examines how your organization uses these assets, and protects these assets from inherent and external risks. The audit traces data through its lifecycle and through your business processes-this is the singular way to ensure uniformity of practice and security. As a result of DataForeSight's audit, you will be provided significant insight into:

  • How data is entered and captured
  • How applications and user communities access and process data
  • Which vendors and third parties have access to your data
  • Where the data is stored
  • What data contains live customer and employee information or company intellectual property information.
  • Gaps that may exist in insurance coverage for Cyber Risk
  • Gaps that may exist in ePolicies for email
  • Gaps that may exist in how your employees comply with email policies
  • eDiscovery procedures for the new Federal Civil Laws on email

This systematic and independent approach ensures that the information compiled can be utilized to enhance operational and administrative metadata. The audit develops a collection of views into the data including:

  1. Data Lifecycle Document - This document reveals a birth-to-death view of your data. By tracing data from acquisition or creation through its operational use, related analytics and reporting, and eventual archiving and disposal we identify user communities, regulatory impact points and replication events.
  2. Application Dependency Audit - This view examines which applications use or have dependencies on specific data and reveals logical and physical sourcing of the data.
  3. User Dependencies Audit - Based on data usage, the user dependency audit identifies user communities by job role and ties those roles back to the specific data. It identifies access restrictions and allowable activities performed against the data.
  4. Data Storage Audit - Identifies where data is stored, current retention periods, whether the data is a primary source or a feed into additional downstream or peer applications. The storage audit also identifies where data has been replicated and whether data has potentially no user communities at all. Does the audit only include online data, or do you look at hard copy as well
  5. Enterprise View - The enterprise view identifies opportunities to create master data sets and shared data at the operational, transactional and analytic levels. The opportunity to create single managed data sets from multiple data sets goes to the root of better-managed and controlled information, leading to improved security and potentially reduced storage and backup costs.
  6. Email Audit - Helps assess business and legal risks created due to inappropriate and unwanted outbound or inbound email messages. Companies learn if confidential company or customer information is being shared with, or sent to, unauthorized entities. Includes email policy review, business rules and metadata. Enterprises find out if email policies are being followed by employees; if email policies comply with new federal civil rules; look at inbound email activities; and determine effectiveness of current blocking and filtering. Review classification standards, retention, acceptable use, audit trails.
  7. Insurance Risk Audit - Pre insuring audits and assessments help identify where insurance dollars can most effectively be spent. These audits when done independently help both the insurer and insured eliminate un-necessary risk and exposure. We will also review the insurance coverage provided by your service providers managing critical applications. Key areas of risk that will be analyzed from an insurance perspective are:
    • Implantation or spread of a Computer Virus
    • Content Infringement (i.e. copyright, trademark, domain names)
    • Cyber Extortion
    • Breach of Privacy / Identity Theft (electronic and non-electronic)
    • Denial of Service outages
    • Destruction, modification, or disclosure of electronic data
    • Loss of Business Income due to a network security breach
    • Information theft and computer system resources
    • Fraud
    • Covered acts caused by Service Providers / IT Vendors
    • Expenses associated with breach of security notification law requirements

Summary - This assessment will identify client data assets, their application dependencies, user groups and location, vendor and third party groups and location along with a full email audit. Provide gaps between ePolicy and current legislation. Help measure and improve compliance with user community's activities. It will also provide a road map illustrating how data are sourced, integrated and distributed to various applications, stores and communities, gaps in insurance coverage from a Cyber Risk perspective. In addition to the audit, information risk, mitigation, and potential improvement opportunity assessments will be provided where appropriate.

Contact Us

Experience
Clients
Events
Partners
Contact Us
 

DataForeSight® | 7200 E. Hampden Ave, Suite 200, Denver, CO 80224
Phone: 303-278-2780 | E-mail: info@dataforesight.com