Information Gathering Phase
Active and passive monitoring and analysis are done at multiple levels. This includes network scanning and monitoring, and user and resource analysis on multiple Operating Systems and Applications. Both technical and non-technical information is used to determine the current stance of the organisation along with the compliance requirements.
People want to be good by default. When a fraud is committed, they would like to share this information, even though it is through a joke. As investigators we need to listen to everything and connect the dots. – Mervin Pearce
Technical Information is the set of data points collected using active and passive scans of the network environment, applications, Database Management Systems (DBMS), Access Control Systems, Identity and Access Management, and other resources.
Company Policies, Standards, Procedures, Guidelines and Baselines form the bulk of the Non-Technical Information. External Compliance and Governance are also considered, for example PCI-DSS when card transactions are involved.
Using network configuration on switches or physical network TAPs, bulk data is captured at selected locations or the core. This is used as part of a deep-dive analysis to determine the type of traffic as well as the risk that the traffic may pose if unauthorized access and disclosure occur.
One of the most difficult steps to complete in a Risk Analysis is the list of Assets in the Enterprise. Multiple tools and techniques are used to ensure a living ‘asset-register’. This includes detecting new devices connected to the network, which are then scanned to determine resources and possible vulnerabilities.
Using all these attributes, a holistic view of the Enterprise is created and the Persistent Attack Vectors can be measured. Once this is done, effective and efficient compensating controls can be implemented to create a ‘secure-environment’ for which management defines the acceptable risk factor.
- Real-time discovery
- Real-time analysis
- Knowledge Transfer
- Cost-Effective Recommendations
Continuous discovery with vulnerability assessment addresses the issues that have a real impact, using data classification and Business Impact Analysis (BIA).
Depending on the size of the environment, the Cyber Security Risk Analysis can be broken down into multiple phases for reporting and milestone checkpoints. Although there are distinct Phases, it does not mean that a preceding Phase will be closed as it is a continuous process. A following phase will be initiated when adequate data points have been gathered.
Feedback is given to management with technical staff involved to ensure that there is adequate knowledge transfer. It is critical that Cyber Security Risks are communicated and that a company resource, such as a person or a department, is assigned the risk to manage.
For more detail, submit an information request under contacts or email email@example.com requesting additional information.