A Risk Assessment is an evaluation of the internal and external risks to the security and integrity of data on a network.
Base your information security program on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.
A) The risk assessment shall be written and shall include:
(i) Criteria for the evaluation and categorization of identified security risks or threats you face;
(ii) Criteria for the assessment of the confidentiality, integrity, and availability of your information systems and customer information, including the adequacy of the existing controls in the context of the identified risks or threats you face; and
(iii) Requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the information security program will address the risks.
B) You shall periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks.
SecurityStudio S2 Org is a continuous cybersecurity risk management software platform that enables dealerships to create a defensible, insurable, and auditable cybersecurity program that meets compliance requirements. The platform is anchored in three main functionality engines:
Remediation Road Map
The platform drives users through the assessment process in an intuitive and pragmatic manner to reveal potential risks and vulnerabilities. It then automatically generates the necessary reporting for all stakeholders, including your information security plan, per compliance requirements. Lastly, it produces a remediation road map that gives dealerships the blueprint to continue hardening their security posture and to ensure they remain in compliance with the Safeguards Rule.