As companies connect to the internet, they gain the benefits of internet connectivity, but if the connection is not managed properly it can also disclose internal information to the outside world. In the wrong hands, this information poses a significant risk to the company. The most basic way to understand a company's cyber/IT security posture is to conduct a security risk assessment. A security risk assessment consists of a vulnerability assessment and an assessment of the risks posed by weak, incomplete or absent policy, procedures, personnel, technology and strategy related to IT security.
At a minimum, an external security risk assessment consists of looking at the company's network from the outside. This is done by scanning (like a hacker would) all the IP addresses that the company owns to identify security vulnerabilities that any hacker can exploit. Similarly, an internal vulnerability assessment enables the organization to understand the security posture of its internal laptops, desktops, servers and all other devices. The vulnerabilities could be due to misconfiguration, outdated patches or unsupported software and hardware.
Along with conducting a vulnerability assessment, a security risk assessment consists of identifying the company's assets (laptops, desktops, servers, network and other security devices), the risks associated with those assets, the mechanisms the company has implemented to manage the risks, and how those mechanisms are documented and managed (by personnel). This risk assessment gives the company and its executives a picture of the overall risks.
Our Services for Security Risk Assessment
- External and internal vulnerability assessment services for clients. These services also include web-application vulnerability assessment. These may include physical security testing and social engineering testing.
- A nine-step security risk assessment methodology based on NIST 800-30.
- Reports and remediation of issues that are highlighted during the security risk assessment.
- Developing policies and procedures as needed.