If your organization is purchasing another business, there are key moves to make before, during, and after the acquisition. This cybersecurity assessment should play a big role in how you bring the company into the fold.
What to Do Pre-Acquisition
Perform a risk assessment or security audit: Engage third-party experts to evaluate IT operations from a cybersecurity perspective thoroughly.
Dissect the risk profile: After the assessment, you should be digging into the risk profile to determine the level of maturity of cybersecurity as well as critical gaps.
Consider any legal or compliance requirements: Depending on the industry and location, you should review the assessment to determine compliance with regulatory requirements (i.e., HIPAA for healthcare).
What to Do During the Acquisition
Review the policies in place for incident response, business continuity, and disaster recovery, if available.
Develop an asset inventory list to determine all the physical, logical, software, and other equipment related to IT operations.
Check on physical security measures related to assets on-prem and those in co-location data centers.
Determine what, if any, access controls are in place.
Create a plan to integrate, migrate, or consolidate the IT infrastructure. You’ll need a detailed plan on how you’ll move data and applications from their control to yours. Alternatively, you may decide they should remain separate but weigh the options of this in terms of accessibility and costs.
More Info: entry level it certifications
No comments:
Post a Comment