Cyber Security Risk Assessment

Information Gathering Phase

Active and passive monitoring and analysis are performed at multiple levels, including network scanning and monitoring, and user and resource analysis across multiple Operating Systems and Applications.  Both technical and non-technical information is used to determine the organisation's current security stance along with its compliance requirements.

Technical Information

Technical Information consists of the data points collected using active and passive scans of the network environment, covering Applications, Database Management Systems (DBMS), Access Control Systems, Identity and Access Management, and other resources.

Non-Technical Information

Company Policies, Standards, Procedures, Guidelines and Baselines form the bulk of the Non-Technical Information.  External Compliance and Governance requirements are also considered, for example PCI-DSS when card transactions are involved.

Data Flow Analysis

Using network configuration on switches or physical network TAPs, bulk data is captured at selected locations or at the core.  This is used as part of a deep-dive analysis to determine what types of traffic are present, as well as the risk that this traffic would pose if unauthorized access or disclosure occurred.

Asset Management

Using all these attributes, a holistic view of the Enterprise is created and the Persistent Attack Vectors can be measured.  Once this is done, effective and efficient compensating controls can be implemented to create a 'secure environment' in which management defines the acceptable level of risk.

Real-time discovery

Real-time analysis

Knowledge Transfer

Cost-Effective Recommendations

Continuous discovery combined with vulnerability assessment is used to address the issues that have real impact, identified using data classification and Business Impact Analysis (BIA).

Process Phases

Depending on the size of the environment, the Cyber Security Risk Analysis can be broken down into multiple phases for reporting and milestone checkpoints.  Although there are distinct Phases, this does not mean that a preceding Phase is closed, as it is a continuous process.  A following phase is initiated once adequate data points have been gathered.

Technical and Non-Technical Discovery

Risk Analysis and Vulnerability Assessment

Implementation of Compensating Control

Management Acceptance

Feedback is given to management with technical staff involved, to ensure that there is adequate knowledge transfer.  It is critical that Cyber Security Risks are communicated and that a company resource, such as a person or a department, is assigned to manage each risk.

For more detail, submit an information request under Contacts or email info@sacs.co.za requesting additional information.