Services

Vulnerability Assessment

A vulnerability assessment is a comprehensive evaluation of cybersecurity weaknesses that exist in an information technology environment. The assessment will identify Common Vulnerabilities and Exposures (CVE) that could be easily exploited by a malicious attacker. In addition, the assessment will assign a level of criticality or severity to each vulnerability and will provide actionable remediation recommendations.

Benefits Of Performing A Vulnerability Assessment

  • Test existing patch management program and system hardening for overall effectiveness.
  • Identify vulnerabilities that could lead to disruptive cybersecurity incidents or breaches.
  • Satisfy organizational and regulatory compliance requirements.
  • Gain an understanding of the improvements that need to be made to reduce the risk associated with cyber threats and vulnerabilities.

The Cyberstone Way Of Completing A Vulnerability Assessment

Cyberstone carries out a vulnerability assessment according to the globally-recognized NIST SP800-115 standard. The assessor will identify areas of weakness such as missing patches, outdated firmware, unnecessary open shares, default passwords, incorrect permissions and rogue devices. Cyberstone will deliver a findings document that reports all of the identified vulnerabilities and a prioritized list of remediation efforts that need to occur.

Cyber Risk Assessment

Risk assessments are the foundation of every healthy cybersecurity program. They uncover the unique risk events facing an organization and tie them to a custom-built risk-reduction roadmap. Risk assessments provide shareholders and decision-makers with valuable information that can help them minimize the impact of:

  • Adversarial risks – like Ransomware or Social Engineering attacks
  • Accidental risks – like losing a company laptop
  • Technical risks – like a hard drive failing or database corruption
  • Environmental risks – like flooding, fire, and natural disasters

Cyberstone conducts Risk Assessments based on the globally-recognized NIST SP800-30 Guide for Conducting Risk Assessments.

Benefits Of Performing A Risk Assessment

  • Identify the unique risk events that threaten the well-being of the organization.
  • Draft risk responses that will mitigate, transfer or eliminate the risk.
  • Prioritize the implementation of cybersecurity controls and allocation of resources (time, money, and human capital).
  • Satisfy organizational and regulatory compliance requirements.

The Cyberstone Way Of Completing A Risk Assessment

A Risk Assessment requires the completion of seven tasks which are organized in three delivery phases.

Policy Development

Information security policies provide organizations with clarity and standardization. They govern how security controls are installed and configured and also tell employees what behaviors are expected and acceptable while interfacing with information systems. Policies are not static. Over time, corporate objectives may change, company cultures may change, and technology absolutely changes. As such, policy review should be a regular component of all cybersecurity programs.

Benefits Of Performing Policy Development

  • Publish the rules and guidelines that govern a cybersecurity program.
  • Provide the organization with clarity and focus.
  • Satisfy organizational and regulatory compliance requirements.

The Cyberstone Way Of Completing Policy Development

  • Research and analyze the organization to determine policy priority and gaps in the organization’s policy library.
  • Create new or modify existing policies.
  • Document and deposit new policy in the organization’s policy library.
  • Publish new policy to the impacted employees of the organization.

Cybersecurity Maturity & Compliance Assessments

Organizations that face the burden of operating in a regulated industry often need to understand how their internal control framework satisfies compliance requirements. Cyberstone provides Compliance Maturity Assessments for:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Cybersecurity Maturity Model Certification (CMMC)
  • Defense Federal Acquisition Regulation Supplement (DFARS)
  • NIST Cybersecurity Framework

Benefits Of Performing A Compliance Maturity Assessment

  • Identify the gaps that exist between an internal control framework and the one required to achieve compliance.
  • Prepare for audits and examinations.
  • Prioritize the implementation of cybersecurity controls and allocation of resources (time, money, and human capital).
  • Prioritize cybersecurity improvement initiatives.

The Cyberstone Way Of Completing Compliance Maturity Assessments

As part of the assessment, Cyberstone will interview key personnel, catalog existing security policies, procedures, and controls, and examine information technology assets. By following the NIST SP800-115 guideline for information security assessments, Cyberstone will effectively uncover organizational and regulatory gaps. Cyberstone’s reporting will provide a roadmap for adhering to industry best practices and achieving organizational and regulatory compliance.

Incident Response Planning

An Incident Response Plan is a documented set of instructions and procedures designed to help IT personnel and others detect, respond to and recover from cybersecurity incidents. The plan contains critical information about roles and responsibilities of the Computer Emergency Response Team (CERT), and the procedures for identifying, containing, neutralizing and reporting cybersecurity incidents.

Benefits Of Having An Incident Response Plan

  • The organization is well prepared to respond to and recover from cybersecurity attacks.
  • The personnel responsible for the response and recovery efforts are well trained and understand their responsibilities.
  • Satisfy organizational and regulatory compliance requirements.