AutyFi Cyber Security Risk Assessment
CyberGRX Security/DR Audit
We recently passed a 3-month security and disaster recovery audit by CyberGRX, now ProcessUnity, which validated us on all 30 control measures requested by a major client. We passed with flying colors. See the results below. In this process, we had to prove and document how we handle security, disaster recovery, failover, etc. You can obtain a copy of the report directly from CyberGRX. Alternatively, we have provided a copy of this extensive report for you to review. Here is the full 89-page CyberGRX vendor assessment report: Cyber Security Risk Assessment Most Recent or previous Cyber Security Risk Assessment 2019
We scored 94% across all security measures:
Assessment results
Inherent risk
Understand the potential or inherent risks - in terms of likelihood and impact - that a third party presents in the absence of controls or other mitigating factors. The likelihood of an attack is addressed by assessing an organization's surface area (size, complexity, and interdependence) and identifying any recent cyber incidents experienced by your organization or other incidents within the industry; impact is assessed by considering the typical connectivity between a third party and a typical customer based on the third party's industry and services provided.
Control assessment
This section provides the output of the control assessment at the control family level.
Maturity Scores and Control Coverage Percentage (Framework View)
This view, organized by the CyberGRX integrated cyber security controls framework, shows the control group maturity scores as well as maturity and coverage scores of the associated control families.
Residual risk
Residual risk is the portion of inherent risk that has not been or cannot be reduced through effective control implementation and remains a threat to the organization.
Residual Risk: Top Risks
The top risks that are more likely to impact a company are identified by using data about an organization's operating industry and asset exposure. Residual risk can be identified by evaluating the highest risk use cases associated with operating in a particular industry, mapping key controls to those use cases, and evaluating control performance.
Control gaps are derived by analyzing available organizational and asset exposure data to determine the highest impact use cases to an organization. By aligning controls to the use cases and threat models, inherent risk can be identified. Lastly, the security gaps found through the control assessment represent residual risk.
Learn more about our security at the AutyFi Security Overview.