CyberOne is an end-to-end GRC SaaS platform for companies and teams of all sizes.
If, like many of our clients, you are heading into audit season or simply looking to build a stronger, more efficient security program in response to the alarming rise in ransomware attacks and data breaches, CyberOne can help. CyberOne engages your people, processes, and technology to build a culture of risk. From good governance to understanding your gaps and putting your risk data to work to make decisions that benefit the business, CyberOne is a single source of truth for your company to govern, protect, and build.
When we discuss compliance with our customers, we always encourage them to start the compliance journey by first understanding their risks. Before you take your auditor’s IRL and simply build controls against it, decide whether your company has risk in that area. Where there is no risk, there is likely no need for a control. By adopting this approach, you can quickly tailor the scope of your audit to only what is relevant to your company. Our clients estimate that this approach has helped reduce audit time and costs by 30%. You can read about what our clients say about us here on Capterra.
You can build your risk register and manage findings from all your different sources: compliance reviews, vulnerability scans, pen tests, audits, assessments, and more. Use our API integration with Nexpose, Nessus, Qualys, AWS, and Microsoft to pull your data into CyberOne, and push out the workflow with our own automated notification process, or through Slack or Jira (Engineers love us!). Ultimately, you will see how easy it is to scale and build a security governance, risk and compliance program in CyberOne that is based on your company’s priorities, needs, and objectives. And we have experts to support you every step of the way.
Start today with our free risk assessment. You can choose from ISO 27001, SOC 2, CMMC, or CAIQ. We will send you an assessment and help you build a roadmap to meet your security objectives.
Make secure easy, and insecure obvious… [Credit: A wise customer of CyberOne]
Just recently, I had a conversation with a friend who works for the U.S. Navy. She is overwhelmed with work as she teleworks from home because of Covid-19. Her profession can easily be switched to telework, whereas other coworkers’ can’t, but that is no reason effective guidance cannot be provided. Here is what she had to say…
With the outbreak of Covid-19, we are dealing with an unforeseen occurrence, a black swan event. As a cyber professional, I hope organizations have a Continuity of Operations Plan (COOP) to initiate along with their Standard Operating Procedures (SOP). Many do have such plans, but for others, it is abundantly clear guidance is missing. It is not simply about “putting” the language into a document, “checking” the boxes, and copying off SANS Institute’s website. You need an EFFECTIVE plan that can be INITIATED, UNDERSTOOD and FOLLOWED by others.
My 10 Step Program
INFRASTRUCTURE IN PLACE:
Ensure internet connections work. Test your communication portals like Zoom, Skype, etc. Review security and privacy protocols, especially if you have roommates. Just because you are home does not mean you can be relaxed with security protocols. Consistency ensures efficiency.
INVENTORY:
Your organization should ensure you have access to the type of equipment you need to work remotely. You may need to take note of what you have access to, communicate this effectively with management, and make requests for items you do not have.
CLOUD-BASED CAPABILITIES:
To ensure feasibility to the Internet, file-sharing, e-mail and unified communications via mobile applications, chat, etc., the right cloud-based tools need to be available. Check them.
As an employee, before reading up on any guides or joining a Team chat, make a commitment to yourself. This means planning, such as ensuring you cleared a space for yourself, no matter how small. Try to create a home office space, even at the kitchen table. This is your spot. Own it.
STAY ORGANIZED:
Create a personal “to-do list” each morning. Keep track of the time required (i.e. 8 hrs.). Consider creating your own timecard where you note hours spent on each ticket item. Ensure you have breaks and embrace the flexibility of working from home. But, at the end of the day, ensure you meet your objectives.
WORK FLEXIBILITY:
With being remote, you have flexibility with your start time and end time. Ideally, if doing 8 hours, you should commit to those hours. However, even I will scatter my time throughout the day or make it up on another day. It is all too easy to work during dinner, and before bed.
*Side note: I personally created my own classical music list off Spotify to ensure no distractions. I’m like a squirrel and can get excited about shiny objects, so my music keeps me on track and closed off to distractions.
Hopefully, your company has provided you with the right material to work remotely. If not, no worries! Be accountable to yourself. You can ensure the chain of communication works. Some workers feel isolated, so it is important for your organization to maintain some sort of social contact with other employees. I suggest, if you have Office 365 or Zoom, to initiate a weekly Scrum Call at the beginning of the week and end. If this is not in place… be a star and create one or suggest it to management.
DELEGATE:
Embrace delegating. I’ve often come across employees who struggle with this.
OVER-COMMUNICATE:
Document everything to ensure colleagues are informed and information does not get lost through digital mail. I also create a Weekly Status Update or WSR (can download templates online) for my weekly meetings. I am amazed how organization and accountability and simple note-taking can easily impress people.
PROFESSIONAL DEVELOPMENT AND ADVANCEMENT:
Take some time for you! Depending on how long you will be teleworking, being closed off can feel like you have fewer opportunities for training and professional development. With Covid-19, I personally think this is a great time for training! This challenge can easily be alleviated by communication between the supervisor and the employee, as well as effective performance monitoring on the part of the supervisor.