1
Map your assets
We need to thoroughly understand your organization’s assets. We then generate a complete map of potentially vulnerable assets. This includes hardware and all applications (whether human or processes), along with all data storage containers.
2
Identify threats
With your asset inventory, we can begin to identify the vulnerabilities and threats for each asset. We use various tests and risk assessment software tools to help in this process.
3
Prioritize risk
Next, we will help you prioritize your risks by giving each vulnerability a risk rating so you can prepare your remediation plans. You can assess your overall remediation budget against the risk and impacts of each threat or vulnerability.
4
Develop controls
For any given vulnerability, several types of security controls may be considered, including Physical Security Controls, Administrative Security Controls, and Technical Security Controls.
5
Document results
Effective risk assessment reports will condense the results of the various threat and vulnerability assessments in a concise threat ranking that provides a visual prioritization of your remediation plan
6
Create a plan
Now that risk ratings are determined and the order in which you will address vulnerabilities, we will help you create a detailed vulnerability remediation plan. This includes the basic, high-level steps for each remediation process and the associated costs.
7
Implement
Your team should now assign each item in the remediation plan to the appropriate team. Assignments should include realistic time frames for completion. In addition, you should indicate steps that teams can take to monitor the effectiveness of their remediation efforts, as well as any necessary reporting workflows.
8
Evaluate & Repeat
Since risk assessments are never static processes, they require ongoing monitoring and optimization.