Cyber Risk Assessments


Before the first security dollar is spent, you should know what you are trying to protect and who is trying to take it from you. An assessment is the logical first step. CYBERSALUS can help your organization meet your Government Regulatory Compliance (GRC) auditing and independent assessment requirements, whether that is FISMA, HIPAA, SOX, NIST RMF, or other formal auditing and assessment requirements. Additionally, we have developed an assessment that goes beyond compliance to provide real knowledge of your organization's threats, vulnerabilities and risks.

The question many organizations want answered is, “How vulnerable am I to being hacked?” CYBERSALUS created an innovative and proprietary methodology that provides a comprehensive and multi-disciplined approach to the question. Based on our backgrounds in defense and intelligence, we know that hackers and adversaries always try to find the easy or the unexpected way to compromise a system. We look at factors about the organization that, when viewed individually, may not seem relevant to the cyber security of a company, but when aggregated and analyzed present a remarkably accurate model of an organization’s overall cyber risk exposure. We look at things that no other computer security company looks at, because we know that is how the bad guys do it.

This CYBERSALUS Assessment contains a tailored and customized group of specialized security components. These components may include the following as appropriate:


Understanding how the outside world sees your organization can help narrow down the list of potential threat actors. Your overall public exposure, industry, press reports, negative news, patents, publications and other exposures can reveal important things about who would likely want to target you.


This analysis, as part of the larger assessment, can provide valuable insight to understand the credible environmental threats to your organization such as hazardous waste storage sites, flood, fire, earthquakes, crime, wind vectors and many more factors. Knowing the higher probability threats can help prepare you to develop realistic Business Continuity and Contingency Plans. CYBERSALUS uses geospatial intelligence analysts to provide an uncommon and invaluable picture of the threats that will give you the information you need to be prepared.


The best network defenses in the world may not help you if your data center is under-protected from a physical threat. Perimeter firewalls cannot stop an unauthorized insider from plugging into your network from the inside. This analysis will show you where your physical security is good, and where it is leaving you exposed. We provide specific and actionable recommendations on how to decrease physical intrusions and potential disruptions of operations.


This technique uses vulnerability scan engines and scan templates to identify network assets and known vulnerabilities. The scan can be done internally, externally, or both to provide different views of the organization's vulnerability exposure. Cyber security experts analyze the data to determine high criticality vulnerabilities based on your actual operations and network architecture. Routine and continuous vulnerability scanning and remediation of network assets is one of the best and most cost-effective ways for an organization to keep itself secure.


Estimates are that two primary web attack methods, cross-site scripting and SQL injection, represent 40% of the top network threats, and they can be launched from anywhere in the world. How vulnerable is your organization to these specialized attacks? CYBERSALUS’ Website Application Vulnerability Scan finds those vulnerabilities in thousands of web applications and provides clear instructions for closing the vulnerabilities that attackers would use first.


How do you know you are not leaking invaluable data from your networks? The Peer to Peer (P2P) Assessment uses patented technologies that monitor over 550 million users issuing 1.8 billion searches a day. This P2P assessment locates your leaked and exposed files and in some cases can identify exactly where they were leaked from your organization. We recommend remediation and risk mitigation to solve existing issues and prevent future leakage of important and sensitive documents.


Risk is a function of threat, vulnerabilities, impact and likelihood. CYBERSALUS is working with the world’s leading Quantitative Risk Analysis Experts to develop cyber risk event scenario matrices. This effort is scientific and gives a more useful metric of risk than the easier and more common qualitative models that rely primarily on opinion.

When guesswork is not enough and you are making important decisions about where to spend your security budget and what risks to mitigate first, you will want to have a solid quantitative basis for those decisions.

“We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.”

Former NSA Director and CIA Director Michael Hayden

Copyright © 2017 CyberSalus, LLC