Cyber security assessments

It is no longer enough for a modern company to lock its office doors. Business is more and more based on information technology and information networks, therefore modern corporate espionage or data theft happens globally and invisibly through information networks.

Cyber security assessments and audits

elfGROUP conducts two kinds of organizational / IT infrastructure cyber security assessments:

  • elfSURVEY -- business risk driven walkthrough and documentation of corporate IT infra and technical protective controls
  • elfSWEEP -- an audit of administrative and technical controls based on a selected framework, e.g. CyberSafe or ISO 27001

elfSURVEY gives a general overview of the business IT requirements, cyber security risks of the company and the tools in use for managing the organization’s cyber security. As a result of elfSURVEY, the customer will be delivered an assessment report, a general description of business IT requirements, the cyber security risk mapping and prioritization, the definition of the desired target level of the cyber security, top level documentation for the IT infrastructure (necessary scope), and preliminary suggestions for the customer's cyber security development strategy.

A good understanding of the IT environment and its operation often leads to the identification of duplication and enhancement possibilities, which allows for simplification and cost reduction. At the same time, the whole will become more manageable and security will improve.

elfSWEEP is a cyber security audit for administrative and technical perspectives, following a selected criteria framework. elfSWEEP evalutes the cyber security management system of the target organization, as well as the technical IT environment and its management model according to the best field practices and / or the selected criteria. The service can be implemented either at an organization or at a system level, for example, to estimate an extranet service or an online store.

The customer gets a state of the art analysis of the company’s IT architecture and environment, applications, servers, and networks, as well as guidance on how to address the identified cyber security shortcomings. CyberSafe Corporate certification will be granted when the CyberSafe framework was used and no mandatory requirements were found to be unmet.

Cyber security assessments for companies of all sizes

elfSURVEY and elfSWEEP are suitable for any organization of any size. It gives answers and ideas for the cyber security development roadmap and means to start systematic development towards an adequate cyber security posture.

On the elfSURVEY implementation approach

In an elfSURVEY, we go through the company’s business, risks and the IT environment with the customer. The survey covers site locations, information systems and networks, interfaces, data streams, processing of workstation environments and information security management models. The process identifies both industry and company-specific cyber security risks. The target level of cyber security and key protection mechanisms are defined on a company-specific basis to ensure the correct dimensioning of the protections.

The data acquisition phase of the survey is carried out on an average of two survey meetings with the client and can be implemented either as a visit to a client, an online meeting, or a combination of these. Implementation includes interviews, business and IT environments surveys, and systematic examination of the information systems such as server environments, network interfaces, and cloud computing. The operating environment of the IT environment and the existing security mechanisms are mapped and documented.

Clear documentation and also practical and concrete instructions

After elfSURVEY data collection, elfGROUP cyber security experts analyze the collected data and assess the current situation of the company’s cyber security status, target level, and define a preliminary cyber security development plan. Based on the collected data and understanding, a technical documentation of the company’s IT environment is included in the survey report.

The strengths of elfGROUP’s cyber security survey is its customer-oriented and pragmatic operational guidelines that will lead the organization to concretely develop its cyber security.