Assessment-Implementation Plan for Information Protection: 3-Months Assesment

Cipher will be your organization's partner for security and compliance management in the Microsoft 365 environment. You are responsible for protecting your data, identities, and devices, while Microsoft vigorously protects Microsoft 365 services. You can use Microsoft 365 and Enterprise Mobility + Security (EMS) (or Microsoft E5) to help you achieve the right level of protection for your organization. To achieve an adequate level of protection in your organization, Cipher will follow these steps:.

• Step 1: Review capabilities Based on best practices, you need to perform a review of the information protection capabilities within your Microsoft 365 instance. To do this, Cipher will review the applicable legislation in the organization, these regulations may require you to protect, manage, provide rights and control over the information stored in your IT infrastructure, even on-premises and in the cloud. For example, GDPR Microsoft tools help align local legislations with tools

• Step 2: Check your security score After you set up your Microsoft 365 subscription and review its capabilities. Relying on Secure Score tools, Cipher reverts settings to increase its score. Secure Score helps organizations to: • Report on the current status of the organization's security posture. • Improve your level of security by providing discoverability, visibility, guidance and control. • Compare with benchmarks and establish key performance indicators (KPIs).

• Step 3: Access protection for identity and devices We will perform the necessary tasks to protectaccess to your Microsoft 365 data and services, it is crucial to defend against cyber attacks and protect against data loss.

• Step 4: Data protection based on data sensitivity Cipher's team of professionals will review file protection capabilities organized by three levels of protection and plan them for any future modifications.

• Step 5: Microsoft 365 Security and Compliance Center Cipher using the Security and Compliance Center will give you a single view of the controls you'll use to manage the Microsoft 365 security spectrum, including threat management, data governance, and search and investigation.

• Step 6: Use end-to-end security scenarios as starting points Using best configurations and best practice guides, as a starting point for sophisticated or enterprise-scale access security scenarios. For example, the shall be defined: • Secure email policies and settings • User policies in Azure infrastructure • Multifactor