The CYRA certification model consists of four steps
CYRA stands for “CYberRAting”. A tool to map digital resilience of companies and get started with improvements.
- Information security and privacy policies
- Access security
- Registration and deregistration of users
- Access rights
- Roles and responsibilities in information security and privacy
- Monitoring, assessing and managing changes in supplier services
- Information security in adverse situations
- Information security awareness, education and training
- Reporting of information security events
- Physical security zone
- Generating, storing and reviewing log files
- Protecting information in networks and support systems
- Ensure security in the use of network services.
- Ensuring proper and effective use of encryption to ensure confidentiality, integrity and availability in line with applicable laws and regulations.
- Secure Development Policy
- Information security requirements in application design and procurement.
- Change management
- Secure login procedures.
- Technical and organizational protection against malware
- Prevent exploitation of technical vulnerabilities
- Purposes of the organization
- Records related to the processing of personal data