This "C" in GRC stands for the standards and regulations that organisations must follow to ensure accountability and the protection of customer data.
What is Compliance?
This is the primary standard used to assess findings against in a CRTA.
What is the NIST CSF?
This is the typical contract length for a CISOaaS.
What is 12 months?
This is the definition of TTX.
What is Tabletop Exercise?
This is the most common pre-assessment Barrier sells, for which we can also perform official certifications.
What are Cyber Essentials pre-assessments?
This document is crucial for an effective incident response strategy and details steps to detect, respond to, and recover from cyber security incidents.
What is an Incident Response Plan?
This is the portion of a report that provides the actionable steps to take to reduce risk.
What are the recommendations?
This is the security model Barrier uses to create a virtuous feedback loop between Operations, Incident Management, and Risk Management.
What is the Barrier Matrix (formerly Triple Helix)?
This is the typical length of a single TTX exercise.
What is 90 minutes?
This is an international cybersecurity standard pre-assessment that Barrier can perform but cannot officially certify.
What is ISO 27001?
This type of assessment evaluates the security practices of vendors to ensure they meet the necessary compliance and security standards before engagement.
What is a TPRM?
Defining this leads to more actionable and relevant risk findings from the technical assessment.
What is the risk profile of the organisation?
In an organisation, this document lists risks to the organisation, when they were identified, and what actions, if any, are to be taken.
What is a risk register?
This is the output of a TTX.
What is the Lessons Learned report (or After Action report)?
This is an IASME standard based on Cyber Essentials but targeted at ships.
What is the IASME MCB (Maritime Cyber Baseline)?
This international standard provides the specifications for an information security management system (ISMS) to help organisations secure their information assets.
What is ISO 27001?
This is the optional add-on to a CRTA related to assessing email security.
What is the Ironscales Scan-Back?
These are the other 2 areas of cybersecurity covered by the CISOaaS besides Security Operations.
What are Incident Response and Risk Management?
These are the typical findings of a TTX, besides knowledge, skills and processes, that an organisation can address.
This is the type of exercise that one would need to perform before agreeing to undertake any pre-assessment to ensure that the effort to assess is understood.
What is a scoping exercise?
Developed by the National Institute of Standards and Technology, this framework helps organisations manage and reduce cybersecurity risk in a way that complements an organisation's existing cybersecurity and risk management processes.
What is the NIST Cybersecurity Framework (NIST CSF)?
This tool is used to record and report on findings.
What is the ROC?
This is the one GRC area that a typical CISO would cover that Barrier's CISOaaS does not.
What is Compliance?
This is the certification that Barrier holds that attests to our expertise in delivering TTXs.
This is a cybersecurity standard that is US-focused but many UK technology companies seek to certify against it to be able to sell to US customers.
What is SOC 2?