Risk assessments are at the heart of every healthy cybersecurity program. They uncover the unique risks facing an organization and tie them to a custom-built risk-reduction roadmap. Risk assessments address what to do to minimize the impact of:
- natural disasters
- technology failures
- ransomware or other malware outbreaks
- sudden loss of key employees
- myriad other potential events or disasters
Cyberstone’s risk assessments provide a comprehensive evaluation of your customers’ information security risks, a mitigation strategy for the identified risks, and a foundation for the risk management process. The risk assessment service is based on the globally-recognized NIST SP800-30 Guide for Conducting Risk Assessments.
Our security engineers will review the information systems and processes of your customer’s business to determine areas of risk including their likelihood and impact.
The risk assessment service is conducted in a highly-structured manner involving the steps below.
- System Characterization
- Threat Identification
- Vulnerability Identification
- Control Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Control Recommendations
- Results Documentation
The output of the risk assessment is a document that includes risk statements with scored priorities and recommendations for safeguardswhere appropriate. This document will serve as a security plan for initiatives in the coming year and beyond.
Cyberstone’s risk assessment service will bring your customers closer to complying with the following regulations.
- PCI Requirement 12.2
- HIPAA §164.308(a)(1)(ii) (A)
- New York State Department of Financial Services 23 NYCRR 500 §500.09
- Gramm-Leach-Bliley Act §501(b)
- Federal Trade Commission 16 CFR Part 314 §314.4
Click below to learn more about our other services:
Internal and External Penetration Testing
Web Application Penetration Testing
