Step 1: Vulnerability Analysis and Assessment
How well do my security controls address technical, people and process weaknesses?
The first step on the pathway is to identify your current context and vulnerabilities. Adopting the stance of an adversary, our penetration testing and red team will challenge your organisation from all angles by deploying various analysis and testing techniques including social engineering scams, human testing, technical testing, and policy adherence.
This step should be repeated at the end of the cycle to test the defences you have put in place and to identify whether any new vulnerabilities in your security have appeared.
Step 2: Cyber Threat Detection
Is there anything bad on my network now?
The second step in the process will identify any immediate threats. We will monitor your network to identify any anomalies, unusual events or trends which might indicate your current networks have been compromised. Monitoring will also help to build situational awareness of the technical status of networks.
Step 3: Static Cyber Risk Modelling and Mapping of Information Flows
How good should my defences be?
The third step in the process will establish a baseline risk profile and analyse the impact of cyber risks on business risk. This will enable the enterprise to prioritise its efforts and focus on the most important assets requiring protection. We will use our proprietary Cyber ADVANTAGE (CyAD) graphical modelling technique to provide a true view of cyber risk across the enterprise. Its visual nature facilitates effective communication between security, IT and business analyst teams.
Information flows around the enterprise will also be mapped and used to define information exchange requirements. The security architecture will then be mapped, which in turn will inform identification of the appropriate protective security controls.
Step 4: Dynamic Risk Modelling
How can I continuously see the threats affecting my business?
Step four involves progressing to dynamic cyber risk modelling. Building on the baseline risk profile, we will create a user-friendly dashboard underpinned by the correlation of inputs including network monitoring logs, real-time event capture utilising thousands of indicators of compromise, enterprise application security labelling alerts, detected network anomaly data, and attack path analysis feeds. The dashboard will allow a real-time view of the system status and allow drill-down into detail which will help prioritise investment decisions as well as inform decisions on mitigation activity if an event occurs on the system.
Step 5: Threat Mitigation and Risk Treatment Plan
How do I mitigate the threats to my business?
In step five, threats to the enterprise are detected and appropriate mitigation activities are launched together with a risk treatment plan.
The lessons learned, mitigation success metrics, analyst threat intelligence, and risk absorption decisions are fed back into the dynamic risk modelling. This ensures that the mitigation against new and sophisticated threats remains the most appropriate as the threat landscape fluctuates. It also allows threat trends and patterns to emerge and be leveraged, so that the enterprise can become more proactive and even predict threats.
Step 6: Measurement of Security Controls
How effective and appropriate are my security controls against rapidly changing threat and risk to my organisation?
At this final stage in the cycle, we will measure the security controls, and evaluate their effectiveness in response to an actual threat and instigation of a risk treatment plan. This will allow the organisation to adapt the controls in response to a highly dynamic threat and operational environment.