Cyber Risk DIVE
Delve into Vulnerabilities and Exposures to Cyber Risks
THE CONTEXT
In recent years, the digital transformation of business processes has led to an unexpected increase in cyber-attacks, which has made companies aware of the widespread and unpredictable risk posed by cyber-crime.
Since reputational and business impacts also involve top management and company executive boards, all stakeholders are urged to find an answer to two key aspects linked to the root cause of the phenomenon:
“What is my cyber risk?”
“Is it possible to measure it?”
In relation to the protection of the personal data processed, the protection techniques adopted and the security measures adopted in cloud environments, it is declared that:
All users relating to cloud services can be requested from our Service Desk, whose contact details are given in the signed main contract.
The encryption used for HTTPS communication uses the TLS 1.3 protocol. The backup is encrypted and saved in a data center different from that of the production servers; the two are located at least 300 km away from each other.
BIP is also available to provide all the support needed to allow the customer to implement their own cryptographic techniques, provided that compatibility is permitted and security is guaranteed with the technology of the pre-existing services.
Security incident management for SaaS and cloud environments divides responsibilities as follows: the cloud service user opens a ticket with our Service Desk (see above), which takes charge of the incident, proceeds with the resolution and notifies the customer of the results.
The data centers used for the cloud services are AWS data centers, with data resident in the European Community.
All personal data relating to cloud services will be made available for a further period of 30 days from the date of termination of the service or contract, after which they will be deleted from the primary servers. Backup copies will be deleted starting from the thirtieth day after the end of the service. The period for deleting backup copies will last an additional five weeks.
With reference to the services provided, BIP is responsible for the security of the logical infrastructure, while the customer is responsible for the correct use of the credentials assigned for the use of the services and for reporting any security events that may impact the service.
Customer data managed in cloud services is subject to continuous incremental daily backup policies with five-week retention. Restore tests are carried out periodically on the data, in environments with the same levels of protection as the production ones, in order to verify the correctness of the backup process. At the end of the restore checks, the restored data is deleted. The results of the restore tests are recorded in a special register.
In the case of technical vulnerabilities that impact the services provided in the cloud, BIP undertakes to promptly implement the updates recommended by the suppliers of the vulnerable software. In the case of Vulnerability Assessment, the results and the remediation plan are shared with the customer.
By way of example and not exhaustively, the security measures that BIP adopts in the provision of SaaS services are:
- Use of AWS, a market-leading Cloud Service Provider, at least Tier 3 and holding ISO/IEC 27001, ISO/IEC 27017 and ISO/IEC 27018 certifications.
- Logical protection of cloud environments with system isolation.
- Secure deletion of virtual environments and non-reuse of resources allocated to individual instances.
- Continuously updated anti-malware measures.
- Vulnerability Assessment and Penetration Test carried out at each major release, using a mirror copy of the production instance so as not to generate disruption.
THE PRODUCT
Leveraging our long-standing experience in the definition of cyber risk management methodologies, we have developed Cyber Risk DIVE, our SaaS solution that is able to measure any existing cyber risk quickly and thoroughly, taking into consideration the specific business contexts (e.g., critical infrastructures), applicable threats (e.g., Ransomware, Advanced Persistent Threats) and regulatory constraints.
The key differentiator of our solution lies in offering an all-in-one tool that can centrally manage all the cyber risks related to the following processes:
- Enterprise-wide risk management (Organisation Cyber Risk Management, OCRM)
- External third parties (Supply Chain Risk Management, SCRM)
- Mergers & Acquisitions (M&A Risk Management, MARM)
The intended benefit of our complex algorithm, to which all the risk assessment variables contribute, is a clear, stand-out representation of imminent cyber risks. Thanks to our intuitive dashboards, companies can pinpoint the required remediation actions, track the risk profile over specific periods of time and assign a weighting to all endogenous and exogenous changes in exposure.
Key features
C-Levels View
Executive view of the main risk and compliance indicators
Cyber Risk DIVE helps C-levels in defining strategic and financial guidelines based on an understanding of the cyber risks affecting their Organisation. Our tool provides an immediate snapshot of Cyber risks in terms of Organisation, Business Processes and Applications/Systems, across all risk levels that range from Low to High.


Deep Dive View
Three scopes of application, considering the organisation and business objectives
Detailed view of the Cyber Risk Posture and of the Findings that emerged during the analysis, giving the Organisation useful information to improve its Cyber Security posture and define remediation plans.

Digital Footprint
Set of digital activities of the Organisation
A detailed view of what an attacker can see from the outside, in a passive mode and without having any information or interaction with the resources of the Organisation.
