Cyber Risk Assessment
What are the most valuable assets to your business? What if your information is already at high risk and you lose it? What would be the impact on your business, customers, and revenues? Could your organization afford to be down for just 1 day because of cybersecurity incident? Even more concerning, what if your critical information is already compromised and you don’t know it?
Tensecure provides Cyber Risk services tailored to meet your business objectives. Our approach is not merely your standard risk identification exercise using a cookie cutter framework, but instead we specifically design your risk assessment with the scope aligned to your business.
We provide a roadmap to address risks that is aligned with people, process and technology that aligns with your business and security program goals.
First, our team gathers the key details for your operating and business environments, including both technical and non-technical aspects.
Define the in-scope data and information systems.
Internal and external network maps, hardware and software inventories and configurations, interfaces with external entities, and standards, policies, and procedures governing the technical operation, maintenance, upgrading and monitoring of your systems.
Policies, standards and procedures governing physical security, personal security, training and expertise, vendor contracts and, insurance coverage.
We identify your protected information (data) and those systems where this data is protected. We then identify potential threats and vulnerabilities, and protecting controls associated with the protection of the information (data).
Obtain & Identify
Data flow analysis of networks, computer systems, internal-external system connections, business partners, outsourcing implementations, and controls.
Employee access; storage, transmission, protection & disposing; and authentication & authorization aspects.
Identify Risk Elements
Potential threats, vulnerabilities and compensating controls.
After our team identifies key data, systems and risk elements, we assess and rate/rank your risks to these systems using:
Collect & Record
Using data from personnel interviews, documentation reviews or surveys
Define impact and likelihood aligned with identified threats and other risk elements
Rate/rank risk levels based upon threats and likelihood by each control in scope
Our team conducts the following steps and provides you a roadmap to address your identified risks, including proposed mitigation efforts and estimates.
Use Risk Levels
Compare risks against your business’ appetite
Custom recommendations to mitigate risks for those controls failing to meet acceptance criteria
Roadmap report with executive summary and details for mitigating risks along with presentation of final results to customer stakeholders (including Q&A)