Executive level risk assessment designed to identify, mitigate and manage risks
Not knowing your vulnerabilities places your organization at risk for cyber attacks and ransomware. With an increase in online activity, cyber attacks have become more prevalent.
Protecting your organization’s assets and confidential data is a business decision, not a technical solution. Federal and state requirements, such as Ed Law 2D, SHIELD ACT, and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) aim to mitigate cyber risks; however, the requirements are overwhelming for an organization to manage on its own.
The cost of not engaging in cyber and vendor risk services is likely to cost more than the initial engagement. Additionally, many districts will likely see a cost savings related to their cyber insurance as a result of properly identifying and mitigating their risks.
Our comprehensive service allows for a holistic assessment approach and includes all areas of cyber security:
- IT Security and Controls Audit — An independent third-party assessment to review, evaluate and report on security and administrative controls related to organizational risk.
- Vulnerability Scan — Identify vulnerabilities on your public facing assets through automated means.
- Penetration Test — Attempt to exploit known vulnerabilities of resources identified in vulnerability scan.
- Open-Source Intelligence Report — Identifies your organization and your employees’ data that may reside in the dark web or public internet. This information is typically used in social engineering attacks as well as during any penetration test. Specifically, potential IP addresses, breached credentials, social media and/or LinkedIn profiles for your employees, DNS Information, PDF files being hosted on your websites.
- Continuous IT Security Monitoring Reports — Scans of the district’s external facing resources will be conducted on a monthly basis. Analysis is centered on publicly-accessible systems that can be observed from the internet. Each report will include a summary of findings, the district’s current NIST CSF compliance rating and an executive summary.
- Mitigation Plan — A comprehensive mitigation plan with action items and potential resources to address all identified risks.
- Compliance Mapping — Mapping of regulatory compliance measures, specifically NIST CSF, with specific controls and standards for operational security.
- Health Check — A health check on severe and high-risk items identified as part of the assessment and penetration testing.
What You Can Expect
- Expert Guidance — Certified third-party risk assessment specialists will provide an independent analysis to identify your vulnerabilities.
- Better Preparation — Once you understand areas of weakness in your organization you’ll be able to take steps to protect, reduce and monitor cybersecurity threats and ensure vendor compliance with federal and state requirements.
- Everything You Need — We offer a full suite of risk assessment services so you can create and maintain a safe environment for all.
How It Works
- Contact Us — We provide your Executive Management team with a comprehensive overview of cyber security and vendor risks and how our services are designed to identify and mitigate risks.
- Work with Us — We coordinate and provide project management around all service deliverables.
- Make Changes — We communicate risks and respective recommendations to Executive Management.
- Ongoing Support — Risk management is not an event but rather a process. We provide continuous monitoring of your cyber and vendor risks for the length of the engagement.