Cyber Security Risk Assessment

Information Gathering Phase

Active and passive monitoring and analysis are done at multiple levels.  This includes network scanning and monitoring, and user and resource analysis across multiple operating systems and applications.  Both technical and non-technical information is used to determine the current stance of the organisation along with its compliance requirements.

People want to be good by default.  When a fraud is committed they would like to share this information, even though it is through a joke.  As investigators we need to listen to everything and connect the dots. – Mervin Pearce

Improve Your Incident Response:

  • Technical Information
  • Non-Technical Information
  • Data Flow Analysis
  • Asset Management

Using all these attributes, a holistic view of the Enterprise is created and the Persistent Attack Vectors can be measured.  Once this is done, effective and efficient compensating controls can be implemented to create a ‘secure-environment’ for which management defines the acceptable risk factor.

  • Real-time discovery
  • Real-time analysis
  • Knowledge Transfer
  • Cost-Effective Recommendations

Continuous discovery is combined with vulnerability assessment to address the issues that have a real impact, using data classification and Business Impact Analysis (BIA).

Process Phases

Depending on the size of the environment, the Cyber Security Risk Analysis can be broken down into multiple phases for reporting and milestone checkpoints.  Although the phases are distinct, a preceding phase is not necessarily closed when the next one starts, because the process is continuous.  A following phase is initiated once adequate data points have been gathered.

  • Technical and Non-Technical Discovery
  • Risk Analysis and Vulnerability Assessment
  • Implementation of Compensating Control
  • Management Acceptance

Feedback is given to management, with technical staff involved, to ensure that there is adequate knowledge transfer.  It is critical that Cyber Security Risks are communicated and that a company resource, such as a person or a department, is assigned the risk to manage.

For more detail, submit an information request under contacts or email info@sacs.co.za requesting additional information.