We review and analyze your current processes, procedures and infrastructure using our detailed Cybersecurity Questionnaire and Assessment Tools. We review and prioritize the risks and develop a plan that will help you to be better prepared for any Cybersecurity related events and issues.
Our assessment tools are designed to identify and address the Cybersecurity environment at your company, covering topics across infrastructure, people, processes, procedures and application software. Our professionals conduct a detailed review and analysis of your policies and procedures and create or update them as required. We conduct phishing tests, install software tools to analyze network activity and configuration, uncover email issues, and analyze compliance such as PCI and HIPAA. Our goal is to help you simplify and streamline your Cybersecurity processes and procedures, achieving a very high level of protection, while keeping the total cost within your budget and reducing the impact on your daily operations. We will provide you with a detailed document that will show the current state of Cybersecurity at your company, any issues and risks, and a recommended action plan. The assessment is designed to identify the business risks at your company, prioritize them, and determine what security measures and tools are required in order to mitigate these risks in a cost-effective manner.
In addition to evaluating external risks, we also spend time on the evaluation of internal risks. Insiders account for a large share of data breaches through accidental and malicious misuse of data. Intentional or accidental system breaches by company insiders can result in theft of intellectual property and other confidential information, financial fraud and downtime. Since insiders do need access to certain areas of the company’s systems, it is imperative that the proper policies, processes and controls are put in place, taking into consideration employees’ privacy.
Our information security specialists will review your current setups and procedures as they relate to system security, such as currently used hardware and software, established policies and procedures, currently deployed security measures, available awareness training sessions, communication hardware and software and physical security. They will also interview some of your employees, managers and business partners, and conduct simulations and tests to verify that your business is not vulnerable to breaches by hackers, ransomware, malware, and theft or loss of data.
Explanation of Cybersecurity terms can be found here.
Our Threat Assessment study is comprised of over 250 topics and it covers the following areas:
- Risk management
- Business strategy and goals
- Social engineering
- Cybersecurity strategy and budget
- Areas of vulnerability
- Outdated operating systems
- Software applications being used
- Access control
- Cloud security
- Current Cybersecurity policies and procedures
- Currently deployed information security protection tools and their ability to thwart attacks and protect against malware
- Encryption procedures
- Current network architecture
- Adherence to commercial and government laws, policies and standards
- Assigned responsibilities of the different Cybersecurity tools and controls
- Currently scheduled security tests and periodic evaluations
- Security awareness employee training
- Cloud computing usage
- Protection against Advanced Persistent Threats (APTs)
- Monitoring of access rights
- Third party security management such as vendors and subcontractors
- Distributed Denial of Service mitigation (DDoS)
- Assess and prioritize vulnerabilities
- Access from company owned and personal devices such as tablets and cell phones
- Management and monitoring of Cybersecurity hardware and software
- Reporting and tracking of security issues
- Potential loss or corruption of data
- Exposure to ransomware & data breaches
- Exposure to data theft
- We will scan your current IT infrastructure for vulnerabilities
- Insider threats: risk of internal attacks by employees, ex-employees, subcontractors and business partners
- Password policies
- Wire transfer procedures
- Installed Firewalls
- Payment Card Industry (PCI) Data Security Standard (DSS) Compliance if relevant to your business
- Health Insurance Portability and Accountability Act (HIPAA) Compliance if relevant to your business
- Protection against Zero-day attacks
- Authentication & authorization
- Physical security
- Potentially misconfigured systems
- Legal exposure and Cybersecurity insurance
- Web content filtering
- Current IT and Cybersecurity skill set
- Previous Cybersecurity incidents
- Virtual Private Network (VPN)
- Intrusion Prevention System (IPS)
- Data storage & communications
- Assigned data confidentiality levels and locations
- Susceptibility to phishing attacks and cyber crime
- Incident response readiness including procedures and response team
- Backup and recovery
- Management of software updates and patches
The Deliverables Are:
- Cybersecurity objectives & strategy document that is created according to your requirements and company’s mission
- Detailed prioritized risks report and potential cyber threats
- Detailed threat assessment document that describes the current IT environment, issues and recommendations
- An ISO 27001 compliant comprehensive security policy & procedures manual. The ISO 27001 standard helps organizations keep information assets secure. Using this standard will help your business manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties such as customers or vendors
- Detailed proposal for software, hardware & services, including ongoing 365 x 24 x 7 managed services with the highest ROI according to your company’s priorities, objectives and budget.
- Multiple reports. See samples here.
- On-going monthly or quarterly meetings with your team to review the Cybersecurity landscape, tools, issues, procedures and policies.