Infosec Consulting
Cyber Risk Assessment
Security maturity business interview, technical interview, network scans, closing with a consultative Executive Briefing.

The Cyber Risk Assessment is an educational assessment that gives you a snapshot of the state of security in your business, along with immediate and mid-term guidance for practical risk reduction.
Sample Plain Language Summary
Figure 1 - A snippet of the Plain Language Summary included with the assessment.

Security Lifecycle Analysis
Figure 2 - Security Lifecycle Analysis, explaining the state of Protection, Detection, and Response.
We gather data through a series of technical scans, open-source intelligence (OSINT), interviews, and other discretionary techniques. The outputs of these processes are then collectively interpreted and used to produce a customized Executive Summary.
The project concludes with an interactive executive briefing with prioritized findings and guidance for security maturity. After the briefing, the written summary and any supporting documentation will be delivered electronically. These deliverables may be used either internally or with third parties to guide risk reduction efforts.

How we do it
  1. Data Gathering: Conduct business and technical interviews, network scans, and open-source intelligence gathering
  2. Data Processing: Analyze the data gathered and build an executive summary
  3. Consultative Briefing: Present findings and provide collaborative guidance for improving security maturity

Conclusion: Consultative Briefing
The Cyber Risk Assessment ends with a consultative executive briefing for company leadership and technical lead(s). During the meeting, we review findings in an executive summary report and discuss prioritized recommendations to provide direction for your growth in security maturity.
Figure 3 - Snippet of the Next Steps section of the summary report.

Prioritized Recommendations
Technical punch list
Figure 4 - A snippet of the technical remediation punch-list.
Inputs
  • Security maturity interview
  • External vulnerability scan
  • Internal vulnerability scan
  • Open-source intelligence gathering (OSINT)
Outputs
  • Educational executive summary briefing with business-focused, prioritized findings
  • Consultative security maturity guidance
  • Technical remediation punch list
  • Technical vulnerability scanner reports (supporting documentation)

FAQ
What’s the difference between this Cyber Risk Assessment and a Vulnerability Assessment?
  • A Cyber Risk Assessment is a process of combining objective technical scan findings with an understanding of your business priorities gained through a personal interview. It results in a customized executive summary and a consultative final briefing. It’s focused on collaborative planning for security maturity.
  • A Vulnerability Assessment is typically a set of technical scan reports. It may or may not come with a customized interpretation for your business, but briefings are generally technical in nature.
    In short, a Vulnerability Assessment is a list of technical things that are wrong and that you need to do something about. There is much variability in whether you’ll receive strategic or tactical business guidance related to technology.
Who should purchase THIS assessment? / Who is this for?
  • This is most beneficial for organizations of any size with low-to-moderate cybersecurity maturity
  • This assessment will give very practical, prioritized guidance to improve the overall security maturity of the organization
Is this a pentest / penetration test / hacking?
  • No, this is based on live interviews, open-source research, and a review of technical settings on various devices
  • We believe that penetration tests are often a waste of money until an organization reaches a moderate-to-high security maturity level; the money saved on penetration testing can be spent remediating real problems. This assessment can therefore be used to determine whether a penetration test will be cost-effective
Is this an audit? Will this make me compliant?
  • No, this is not an audit
  • Since this assessment produces security best-practice recommendations, it may assist with compliance, but it is not designed to be a compliance consultation; "compliance" is a broad topic and you would need to pursue a gap analysis for the specific regulation/standard for which you're seeking compliance

We believe there is a better way.

Contact Us
913-204-0227
