SecuraPro Framework

Cyberspace has revolutionised how many of us live and work. The internet, with its more than 3 billion users, is powering economic growth, increasing collaboration and innovation, and creating jobs.

Protecting key information assets is of critical importance to the sustainability and competitiveness of businesses today. Companies need to be on the front foot in terms of their cyber preparedness. Cyber security is all too often thought of as an IT issue, rather than the strategic risk management issue it actually is.

Companies benefit from managing risks across their organisations - drawing effectively on senior management support, risk management policies and processes, a risk-aware culture and the assessment of risks against objectives. There are many benefits to adopting a risk management approach to cyber security, including:

Strategic Benefits

Corporate decision making is improved through the high visibility of risk exposure, both for individual activities and major projects, across the whole of the organisation.

Financial Benefits

Providing financial benefit to the organisation through the reduction of losses and improved “value for money” potential.

Operational Benefits

Organisations are prepared for most eventualities, being assured of adequate contingency plans.

Article 25 of the General Data Protection Regulation (GDPR) stipulates that “the data controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”

In essence, this invokes the need for a comprehensive risk management approach to securing personal data, in order to determine the necessary safeguards required to adequately protect critical personal data. To expedite achieving compliance Octree has developed its own Information Security Audit Framework, Securaprotm, to allow organisations to carry out a high-level gap analysis of their security profile, identifying areas that need addressing. Based on a number of standards and certifications, including ISO27001, CyberEssentials and the Government’s 10 Steps to Cyber Security, it is a comprehensive yet easily understandable plain English programme designed to significantly reduce, or even remove, the confusion surrounding data protection and compliance.

Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.
GDPR Survey

It focuses on the following 16 areas:

  1. Governance and Risk Management
  2. Security Awareness Training
  3. Data Protection / GDPR - policy
  4. Secure Configuration of endpoint devices
  5. BYOD – Bring your own Device management
  6. User Access Control and Password Policy, Control of Administrative User Accounts
  7. Business Continuity and Disaster Recovery
  8. Vulnerability Management
  9. Email Security for communicating sensitive data
  10. Controlling Email and Internet Usage for productivity, avoiding abuse and mitigating threats
  11. Physical Security of the environment
  12. Data disposal and Destruction
  13. Employee and 3rd Party Remote Access
  14. Staff Recruitment
  15. Cloud Computing Services
  16. Wireless Networking