A Risk Assessment provides your organization with a comprehensive overview of your information system’s risk posture. The assessment answers these critical questions: Are you protecting sensitive data? Who has access? What are the biggest vulnerabilities? What are the priorities for remediation? Could your system pass a compliance audit today?
MRETEC’s Risk Assessment provides your organization with answers to these questions, and includes the following elements:
An established audit framework, such as NIST SP 800-53A or ISO 27001/27002, is used to structure a comprehensive audit, which typically includes a review of existing security policies and procedures, interviews with your organization’s personnel, and a check of physical security controls within your data center.
Selected security controls are tested to confirm the presence and efficacy of the security measures that are in place.
Using state-of-the-art tools, all computing assets are tested for vulnerabilities (e.g., missing patches, misconfigurations, default passwords), and the vulnerabilities found are then risk-ranked using the Common Vulnerability Scoring System (CVSS). For each vulnerability, we provide recommendations for remediation or compensating controls to reduce the risk.
An Executive Summary and detailed Technical Report provide: all findings; risk-ranking of findings; a prioritized remediation plan; and recommendations.