Risk Assessment

---

A Risk Assessment is a comprehensive review of your companies computer, network and application environment to understand what risks may be present and how they could impact your organization.  Sometimes, the risk are minimal and can simply be accepted as the cost of doing business.  Other times, the risk is too great to accept and a strategy is developed to remediate the risk completely or reduce it to a level you're willing to accept.  Don't worry, we'll walk you through this entire process. 

Below are the areas we focus on and why believe they're important in the defense of your environment and your data. 

If you don't know what you have, how do you know what to protect? While this seems like a simple concept, history has proven that most companies do not have a formal asset list detail all devices their company owns and is in charge of managing and maintaining.  We're review your listing to ensure that all devices are accounted for and are properly being managed.   

We also review Operating Systems in use, their patch level, their antivirus/antimalware status and local access to each machine to ensure you understand your risk for each asset you own or manage. 

Scanning your network and assets for vulnerabilities is an important part of understanding your risk.  We look at both external risks and internal risks to your environment to give a complete picture of where you stand.  

Policies tend to be the most overlooked area of IT and Cybersecurity.  While we understand the need for them, most do not have the background in policy development to implement them properly.  If you're one of the rare companies that has policies in place, we're review them to ensure they cover the appropriate areas and we'll also keep them in mind during our review to ensure they're properly enforced. 

During this phase, we look at all applications that are in use at the company to understand where your data lives and what applications are approved for use.  We then review access to those systems including elevated permissions and any mitigating controls put in place.  

We also review how your employees connect to your network.  This could be through the use of Active Directory, Azure or third party tools.  This step ensure we understand password complexity, user account policies and other controls that may increase or decrease risk. 

A walk through of all facilities will be performed to identify gaps in your physical security safeguards.  This could include confidential data left on desks, passwords found in plain site, doors not properly locked, etc.  

With over 98 Billion documents and counting, we'll search the dark web to see what information is being sold about your organization.  This could include personally identifiable information (PII), protected health information (PHI), usernames, passwords, banking information and more. Identifying this information for sale can help you protect the organization against the next cyber attack. 

Once we've completed our review, we'll build a comprehensive report to discuss major risk factors and strategies for moving forward to close the gaps found.  All companies have and will always have some sort of risk.  Our goal is to help you identify, understand and prioritize the current risks so you sleep better at night.