Project: Advanced Cybersecurity Risk Assessment Checklist

What is the “Advanced Cybersecurity Risk Assessment Checklist” (ACRAC)?

ACRAC allows any organisation to assess a status quo of their cybersecurity.

It’s a thorough, and constantly updated checklist to reduce common cyber threats organisations are confronted with.

Its goal is to raise awareness for vulnerabilities, thereby neutralising a majority of threat vectors an organisation sees itself confronted with, and making cyber security risks manageable. 

Once the checklist is completed, the results can be converted to action items to reduce the risks of cyber incidents to an organisation, and to mitigate common vulnerabilities.

Contribute to ACRAC?

The project is open source and anyone is encouraged to contribute ideas to the project. Until a platform is found, please join us and share ideas on our Discord Server: https://discord.gg/ZRJtEEP

Download ACRAC?

Creative Commons License
ACRAC Advanced Cybersecurity Risk Assessment Checklist by Lars G. A. Hilse is licensed under a Creative Commons Attribution 4.0 International License.

Version: 20190131.1

Download the latest ACRAC as PDF

https://www.dropbox.com/s/wqt9hmfrbo6gc1o/20190130.1%20ACRAC.pdf?dl=0

SHA256: 025d5584fdf246f20e8d8da39cbd7d4b550d24767c3cd4b684e30acbdfee0cfc

Download the latest ACRAC as XLSX

https://www.dropbox.com/s/biu5g7x45zsdsdf/20190130.1%20ACRAC.xlsx?dl=0

SHA256: 657358656ea58b46e966d224ec05ab875f4807d27894471a575f4060b7e8ba10

Need older or more specialised versions? Join the server mentioned above and ask us.

History

In 2018 I was asked to brief the European Parliament about the risks of cyberterrorism. In talks after the public hearing there was a desire for a checklist of sorts. One that would allow an organisation to at least assess a status of where they are from a cybersecurity perspective.

What ensued was a painstaking search for something out there… yet there was nothing that wasn’t a sales pitch by some company.

All publicly available information was then merged into, and spiced up into ACRAC, the Advanced Cybersecurity Risk Assessment Checklist.

How do you handle antivirus alerts

That depends on the policy behind antivirus incidence.

Should be alert be for a legitimate file, it can be white listed.

Upon the incident being positive and a malicious file being in the system, it needs to be quarantined and delete it.

After the quarantine the source of the file needs to be checked in order to determine where it came from and where the vulnerability is in order to prevent future incidents.

Overtime these anti-virus alerts can be fine-tuned so that’s the frequency of alerts can be reduced.