Cyber Risk Assessments
CYBERSALUS’ COMPREHENSIVE ASSESSMENT PROCESS
Before the first security dollar is spent, you should know what you are trying to protect and who is trying to take it from you. An assessment is the logical first step. CYBERSALUS can help your organization meet your Government Regulatory Compliance (GRC) auditing and independent assessment requirements, whether that is FISMA, HIPAA, SOX, NIST RMF, or other formal auditing and assessment requirements. Additionally, we have developed an assessment that goes beyond compliance to provide real knowledge of your organizations threats, vulnerabilities and risks.
Understanding how the outside world sees your organization can help narrow down the list of potential threat actors. Your overall public exposure, industry, press reports, negative news, patents, publications and other exposures can reveal important things about who would likely want to target you.
GEOSPATIAL INTELLIGENCE ANALYSIS
This analysis, as part of the larger assessment, can provide valuable insight to understand the credible environmental threats to your organization such as hazardous waste storage sites, flood, fire, earthquakes, crime, wind vectors and many more factors. Knowing the higher probability threats can help prepare you to develop realistic Business Continuity and Contingency Plans. CYBERSALUS uses geospatial intelligence analysts to provide an uncommon and invaluable picture of the threats that will give you the information you need to be prepared.
PHYSICAL SECURITY ASSESSMENT
The best network defenses in the world may not help you if your data center is under-protected from a physical threat. Perimeter firewalls cannot stop an unauthorized insider from plugging into your network from the inside. This analysis will show you where your physical security is good, and where it is leaving you exposed. We provide specific and actionable recommendations on how to decrease physical intrusions and potential disruptions of operations.
TECHNICAL VULNERABILITY SCAN
This technique uses vulnerabilities scan engines and scan templates to identify network assets and identify known vulnerabilities. This scan can be done internally and/or externally to provide different views of the vulnerability exposure of the organization. Cyber security experts analyze the data to determine high criticality vulnerabilities based on your actual operations and network architecture. Routine and continuous vulnerability scanning and remediation of network assets is one of the best, and cost-effective ways for an organization to keep itself secure.
WEBSITE VULNERABILITY SCAN
Estimates are that two primary web attack methods: cross site scripting and SQL injections represent 40% of the top network threats, and they can be launched from anywhere in the world. How vulnerable is your organization to these specialized attacks? CYBERSALUS’ Website Application Vulnerability Scan finds those vulnerabilities in thousands of web applications and provides clear instructions for closing the vulnerabilities that attackers would use first.
How do you know you are not leaking invaluable data from your networks? The Peer to Peer (P2P) Assessment uses patented technologies that monitor over 550 million users issuing 1.8 billion searches a day. This P2P assessment locates your leaked and exposed files and in some cases can identify exactly where it was leaked from your organization. We recommend remediation and risk mitigation to solve existing issues and prevent future leakage of important and sensitive documents.
QUANTITATIVE RISK ANALYSIS
Risk is a function of threat, vulnerabilities, impact and likelihood. CYBERSALUS is working with the world’s leading Quantitative Risk Analysis Experts to develop cyber risk event scenario matrices. This effort is scientific and gives a more useful metric of risk than the easier and more common qualitative models that rely primarily on opinion.