methodology
Consilience: The principle that evidence from different,
unrelated sources can converge on strong conclusions.
assessment
Assess technical vulnerabilities and cybersecurity risk on an enterprise scale
Specify risk-relevant processes, workflows and cultural artifacts that can lead to information compromises
Examine cybersecurity risk in context and in light of business requirements
Create models, frameworks and metrics that enable deeper insights into cyber security risk and implications.
Recommend security controls that align with the organizational tolerance for risk
Suggest countermeasures to state-sponsored information collection efforts in high-risk countries
CYber security Risk assessment
Board Engagement
Enterprise Level Assessment
Security Governance
Root Causes &
Systemic Risk Factors
Resilience
Macroscopic Security
Controls
Risk-Relevant Organizational Features
Technology & Business
Operations Assessment
External View
Internal View
Attack Surface Discovery
Third party Dependencies
Vulnerability
Scan
Independent
Ratings
Recon Tools
Functional Discovery:
Interviews on Business Processes, Cyber and Physical Security Technologies, Information Assets
CIS Controls
Gap Analysis
Basic Hygiene
Foundational
Advanced
ANALYSIS: RISK-RELEVANT OBSERVATIONS, CORRELATIONS, VULNERABILITIES & RECOMMENDATIONS ON REMEDIATION.
ENTERPRISE RISK ASSESSMENT
TECHNICAL RISK ASSESSMENT
Interviews and
Model /Metric Formulation
Business Requirement, Operational Constraints and The Tolerance for Security Risk
Interviews and Vulnerability Scans
Approach to Cybersecurity Risk Management
Information Management
IT Administration
Risk-Relevant Organizational Features
External
Attack Surface Discovery
Third party Dependencies
Internal
Technical
Vulnerabilities
Security Control Gaps
DATA ANALYSIS AND SYNTHESIS
CYBERSECURITY RISK MANAGEMENT AND
GOVERNANCE RECOMMENDATIONS