Benchmark – 3.3: Perform requirements analysis to identify and obtain data and evidence in support of cyber law inquiries and incidents.
Next, gauge and evaluate your organization's current state of security and protection protocols and mechanisms. Identify gaps, challenges and opportunities for improvement by conducting a thorough audit, making sure to:
1. Identify the industry-specific cyber law in relation to inquiries and incidents.
2. Assess the critical information infrastructure. Determine the configuration required for doors, windows, logical controls, data storage and encryption, firewalls, servers, routers, switches, hubs, and so forth to be compliant.
3. Identify key vulnerability points and strengths. Show compliance using a test case (pass/fail requirement). Demonstrate an actual compliance test of a server, workstation, etc. that indicates what passes or what doesn't.
4. Indicate the legal elements and liability (costs) that the organization may encounter for non-compliance.
Place your findings in a report that will be reviewed by the CIO and System Security Authority (SSA).