Risk is a function of the values of threat, consequence, and vulnerability. Addressing the sheer volume and evolution of cyber attacks is daunting for even the most security-forward IT teams. It requires an in-depth understanding of organizational risks and vulnerabilities, as well as current threats and the most effective policies and technologies for addressing them. Only by understanding their risks can organizations target limited security dollars to the technologies and strategies that matter most. We provide the level of understanding and expertise to strengthen overall security platforms and compliance postures.
Generally, we follow an 8 point process
1. Identify and understand your business processes.
2. Pinpoint the applications and data that underlie business processes.
3. Find hidden data sources.
4. Determine what hardware underlies applications and data.
5. Map the network infrastructure that connects the hardware.
6. Identify which controls are already in place.
7. Run vulnerability scans
8. Apply business and technology context to scanner results.