Welcome to version 2.0 of the FEDIL Cybersecurity assessment online tool!
Launched in 2019, the first version of the tool was based on a FEDIL-ICT & EY Cybersecurity study. A set of 50 security practices was defined to guide companies and organisations on their cybersecurity journey and to broadly strengthen the security footprint of Luxembourg. This tool aims to support companies and organisations in adopting a common approach to security objectives, security requirements and security measures across the Luxembourg market. It is not intended to be a deep technical standard but rather a means of raising companies' awareness of their exposure to, and management of, cybersecurity risks. As such, it focuses on the fundamentals of security to help companies understand this topic efficiently.
The advanced version integrates updates on hygiene rules and new measures that companies should take into account with regard to the impact of COVID-19. Indeed, the COVID-19 crisis has forced companies to rethink their organisation overnight and embrace new practices such as remote working or cloud services, which offered cyberattackers the opportunity to thrive. Moreover, the acceleration of certain threats like ransomware and the rise of privacy concerns with GDPR have shown how security controls needed to be redesigned.
Some questions have been modified, some new ones have been added, and an emphasis has been put on remote working and mobility, vendor management and rising technology solutions.
This crisis has certainly shown how important it is for businesses to think through their current cybersecurity measures and how they have to be adapted or reinforced.
With these “business-driven”, practical and easily understandable best practices, you will:
- Benchmark the risk profile of your company against those of competitors of the same size and within the same industry in order to adopt a suitable security roadmap,
- Be able to objectively assess your current level of security and go back to basics (e.g. risk analysis) to fill the gaps,
- Among all best practices, start launching awareness campaigns targeting both inside and outside the IT organization to engage your whole company in the security journey,
- Keep the Luxembourg Cyber community alive and continue to share and enrich the catalog of best practices: succeed together!
- Support FEDIL in identifying areas where there is a need for awareness raising on cybersecurity.
For each section, you should answer the following two questions:
- What is the minimum standard level of security that should be applied?
- What is the level of security reached by my company?
Please use the following control maturity level rating scale:
- 1 - Non-existent = Control is neither designed/documented (i.e. in processes/procedures, dedicated checklist, assessment tool(s)) nor implemented.
- 2 - Initial = Basic, ad-hoc, undocumented; changing capability may be in place with some technology and tools; limited local processes; limited organizational support.
- 3 - Managed = Partial capability is in place with a combination of some technology and tools; local processes covering some regions/business units or processes are repeatable but may not be good practice or maintained; limited organizational support to implement good practice.
- 4 - Defined = Defined capability is in place with significant technology and tools for some key resources and people; processes defined for some regions and/or business units; organizational guidance and support is in place for some key regions and/or business units.
- 5 - Measured = Mature capability is in place with advanced technology and tools for most key resources and people; consistent processes exist for most regions and/or business units; some governance is in place (accountability/responsibility/metrics) for most key regions and/or business units.
The first results are based on a FEDIL-ICT & EY study, which made it possible to draw the first national picture of the current level of maturity of the Luxembourg market.