Risk Assessment

A Risk Assessment provides your organization with a comprehensive overview of your information system’s risk posture. The assessment answers these critical questions: Are you protecting sensitive data? Who has access? What are the biggest vulnerabilities? What are the priorities for remediation? Could your system pass a compliance audit today?

MRETEC’s Risk Assessment provides your organization with answers to these questions, and includes the following elements:

Audit

An established audit framework, such as NIST SP800-53A or ISO 27001/27002, is used to structure a comprehensive audit, which typically includes a review of existing security policies and procedures, interviews with your organization’s personnel, and a check of physical security controls within your data center.

Test

Selected security controls are tested to confirm the presence and efficacy of the security measures that are in place.

Vulnerability Assessment

Using state-of-the-art tools, all computing assets are tested for vulnerabilities (e.g., missing patches, mis-configurations, default passwords) and then are risk-ranked using the Common Vulnerability Scoring System (CVSS). For each vulnerability, we provide recommendations for remediation or compensating controls to reduce the risk.

Report

An Executive Summary and detailed Technical Report provide: all findings; risk-ranking of findings; a prioritized remediation plan; and recommendations.