Good Information Governance is the cornerstone to securely and efficiently manage an organization's data. It greatly improves workflow by allowing ready access in a secure manner to those that need, without having to spend hours fruitlessly searching. It greatly reduces risk and helps meet compliance standards by ensuring that your data is classified and secured/audited according to your risk profile.
We can help with this.
Good Cyber-Security posture requires you to know the system baseline and then be able to secure against, detect, and respond to anomolies. Ridgeback Cyber Intelligence performs Security Assessments using the NIST/SANS Criteria for evaluation
A security risk assessment takes into account the value of information assets, and measures the strength of the overall security program, then provides guidance on improvements based on information security risk findings. the security risk assessment can vary greatly in terms of method, rigor, and scope, however the core remains that the goal is to assess the security risks to the organizations information assets. This information is then used to determine how to mitigate security risks.
A security audit, also called the security controls review is a verification that security controls that have been specified by a particular organizational standard are properly implemented.
In most cases security audits cost more than security assessments and accomplish different things - The focus on an assessment is broader and covers a wider area of controls. Also, its ala carte nature allow for an organization to choose the level and depth needed to analyze their current situation
At Ridgeback Cyber Intelligence, We primarily perform Security assessments, which at a minimum focus on a broad identification of security issues and vulnerabilities based on in-depth interviews with key personnel, and configuration reviews of key systems/assets.
They are other optional components that we can address as well depending on the scope. these include:
An in-depth network study and a vulnerability scan
An in-depth network device configuration scan and review
A security policy and procedure review
An in-depth application review which focuses on common configuration mistakes and performing ad hoc testing, etc.
Security awareness and social engineering counters and penetration testing.
At Ridgeback Cyber Intelligence, we employ a qualitative risk method to determine the present security risks, as we feel that it is easier to understand and provides good indication of the organization security risk and is easier for organizations to implement.