This healthcare organisation had a number of technical and policy controls in place to assist in the management and enforcement of the organisational security policy. As part of its ongoing commitment to cyber security, the company required that the existing security infrastructure to be reviewed and recommendations for enhancements produced.
FarrPoint took an holistic approach to assessing the organisations cyber security infrastructure, which includes both technical and non-technical controls. For this reason, FarrPoint sees an organisation’s cyber security infrastructure as including soft as well as technical controls, all of which must be effectively enforced to provide maximum protection. In order to assess the company’s cyber security posture, FarrPoint evaluated and reported upon the following aspects of the security infrastructure:
- Technical controls in place, including a gap analysis of deployed technology against current good practice;
- Review of policy and procedural controls;
- Any suggested enhancements or improvements to the cyber security infrastructure.
FarrPoint reviewed several elements across the IT environment, which included:
- Technical Controls
- Policy Controls
FarrPoint provided a number of recommendations as to how to further improve the security across the organisation. A ‘RAG’ assessment was provided that indicated the criticality of the elements found in order that the company could prioritise and address these issues.