As companies connect to the internet, they not only avail of the benefits of internet connectivity, but if not managed properly, this connection can disclose internal information to the outside world. This information in the wrong hands poses a significant risk to the companies. In order to understand the Cyber/IT security posture of a company, the most basic way is to conduct a security risk assessment. Security risk assessment consists of vulnerability assessment and assessing risks posed by weak, incomplete or absent policy, procedures, personnel, technology and strategy related to IT Security.
At a minimum, an external security risk assessment consists of looking in from outside into the company’s network. This is done by scanning (like a hacker would) all the IP Addresses that the company owns to ascertain security vulnerabilities that any hacker can exploit. Similarly, internal vulnerability assessment enables the organization to understand the security posture of their internal laptops, desktops, servers and all other devices. The vulnerabilities could be due to misconfiguration, outdated patches or unsupported software and hardware.
Along with conducting a vulnerability assessment, a security risk assessment consists of identifying the assets (laptops, desktops, servers, network and other security devices) of the company, risks associated with the assets, what mechanisms the company has implemented to manage the risks, how are those mechanisms documented and managed (by personnel). This risk assessment gives the company and its executives a picture of the overall risks.
Download our Security Risk Assessment Service Spotlight Flyer
Our Services for Security Risk Assessment
- Five-Pronged Approach to Assess Risk:
- People
- Communication
- Process
- PII/PHI
- Tools/Technology
- Adherence to NIST SP 800-30 based 9-step Risk Assessment Methodology
- Penetration Testing and Vulnerability Assessments (Assets) - External and Internal
- Penetration Testing (Web Applications)
- Social Engineering Testing - Physical, Vishing, Phishing
- Business Associate and Third-Party Vendor Risk Assessments
- Asset Management
- Development of Remediation Plan and Implementation of Remediation Measures
- Development of Policies and Procedures for Cybersecurity and Compliance Requirements
The Challenges of Do-It-Yourself Security
Internet connectivity comes at a price. Companies expose intellectual property and data not only to customers and third-party partners but also to internal employees. Business are exposed to inadvertent or event malicious data leakage. A company's information in the wrong hands, poses a significant risk - a risk that no business needs.
- We need to know that we are safe from outside threats as well as inside threats.
- We need to know that our intellectual property, payroll and personnel data, financial information and strategic plans are secure.
- We need to demonstrate compliance with best security practices, financial and healthcare regulations and other requirements.
