AutyFi Cyber Security Risk Assessment

AutyFi Marketing Team
(
)
August 29, 2024
Table of Contents

CyberGRX Security/DR Audit

We recently passed a 3-month security and disaster recovery audit by CyberGRX, now ProcessUnity, validating us on all 30 control measures requested by a major client. CyberGRX validated us on all 30 control measures.We passed with flying colors. See the results below.In this process, we had to prove and document how we handle security, disaster recovery, failover, etc...You can obtain a copy of the report directly from CyberGRX. Alternatively, We have provided a copy of this extensive report for you to review. Here is the full 89-page CyberGRX vendor assessment report: Cyber Security Risk Assessment Most Recent or previous  Cyber Security Risk Assessment 2019

Above you can see that we scored and rated a "very low risk" on 26 different security measures ranging ranging from Strategic, Operations, Core, and Management controls required for security and disaster recovery.

We scored 94% between all Security Measures:

Assessment results

Inherent risk

Understand the potential or inherent risks - in terms of likelihood and impact - that a third party presents in the absence of controls or other mitigating factors.The likelihood of an attack is addressed by assessing an organization's surface area (size, complexity, and interdependence) and identifying any recent cyber incidents experienced by your organization or other incidents within the industry; impact is assessed by considering the typical connectivity between a third party and a typical customer based on the third party’s industry and services provided.

Above you can see that we scored very low risk on overall exposure due to third party size, complexity and interdependence.

Control assessment

This section provides the output of the control assessment at the control family level.

Maturity Scores and Control Coverage Percentage (Framework View)

This view, organized by the CyberGRX integrated cyber security controls framework,shows the control group maturity scores as well as maturity and coveragescores of the associated control families.

Above you can see that we scored very low risk on 26 different security measures ranging in the categories of Strategic, Operation, Core, and Management controls for security and disaster recovery.

Residual risk

Residual risk is the portion of inherent risk that has not or cannot be reduced through effective control implementation and remain a threat to the organization.

Residual Risk: Top Risks

The top risks that are more likely to impact a company are identified by using data about an organization's operating industry and asset exposure. Residual risk can be identified by evaluating the highest risk use cases associated with operating in a particular industry, mapping key controls to those use cases, and evaluating control performance.

Control gaps are derived by analyzing available organizational and asset exposure data to determine the highest impact use cases to an organization. By aligning controls to the use cases and threat models, inherent risk can be identified. Lastly, through the control assessment, security gaps represent residual risk.

Click here to learn more about our Security at the AutyFi Security Overview.