Our team of experienced engineers will use all their knowledge and tools to find and suggest specific tasks to close a potential vulnerability to the internal and external network that could affect the business operation.
We contribute with the following steps:
Mass phish email sent to all employees
We identify the purpose and scope of the evaluation. It determines how and where sensitive data is created, transmitted and stored.
Threat sources and events
We identify the type of threat sources facing your organization (eg, adverse, accidental, structural, environmental) and the events that the sources could trigger (eg, phishing, power outages, etc.).
Vulnerabilities and predisposing conditions
By identifying threats, it identifies vulnerabilities, which can be associated with information systems or environments in which those systems operate. This will also identify the predisposing conditions to consider during the risk assessment (eg architectures and technologies employed, personnel, etc.).
Determination of the probability of occurrence
Using different levels, we determine the probability of hazard events occurring and causing adverse impacts.
Determination of the magnitude of the impact
Once the probability of occurrence is determined, we use tiers to determine the impact of hazard events.
The combination of the probability and the magnitude of the impact of a threat determines the risk to the organization.
Report the risk response (communicate results)
We ensure that the right people within the organization understand the right risk-related information to inform and guide decision-making. Risk assessment reports are often used to communicate within the organization.
Maintain the evaluation
Monitor the risk factors identified in the risk assessment and update the risk assessment as threats, vulnerabilities, and risks change.