So you’ve spent a lot of money for your networks and computers anti-malware software, firewalls, and cyber training for employees–but will these efforts secure you?
Tech Kahunas will look at your weaknesses. Then we’ll look at the threats to them. Then we’ll calculate the likelihood and severity of a successful attack on those weaknesses. That’s your “risk assessment.” Then we’ll make recommendations for defense.
Our security recommendations will be based on a layered set of defenses. That’s because if an attacker gets past one defense, another will be there to stop him.
Tech Kahunas helps clients defend against cyberattacks and protect your data:
– While you work.
– While stored on a computer or hard drive.
– While you send it to a contact.
Techie Details: Tech Kahunas’ cyber risk assessments use the National Institute of Standards and Technology’s 800-30 Guide for Conducting Risk Assessments as a guideline to conduct your assessment.
You have to know what you have in order to protect it. We look at physical and virtual “assets:” data, hardware and software that have a “positive economic value”–things that cost money.
How critical are these assets to your computers and networks? How much revenue do they affect or generate? What would happen if the asset was no longer available? We label assets in the analysis on a scale of importance from 1 to 5 being highest.
What are your organization’s structural flaws and weaknesses? Tech Kahunas uncover these weaknesses (“vulnerabilities”) in your current security. How effective are your current safeguards? What weaknesses still exist despite them? Tech Kahunas captures a picture of your network’s and data’s security.
Every asset will be measured for multiple vulnerabilities and we test your cybersecurity with industry-standard tools. We have diverse backgrounds and our experience enables us to consider all the weaknesses specific to your organization.
What malicious forces are out there? What are the human or environmental threats to your assets? What types of attackers might there be?
We look at everything.
So when we look at the vulnerabilities and threats, we determine what dangers an asset may face. Both a threat and a vulnerability must be present in order for them to be a “risk” to your organization. What is the likelihood that the vulnerability would be exploited? What would happen to your organization if the attack occurred? We assign likelihood and impact ratings for the risk. Then we score your total risk with a “risk rating.”
(TECHIE STUFF: We use the well-known equation Risk = Threat x Vulnerability.)
We repeat our assessment after every change to your networks and systems, and at the end of every quarter. As an objective 3rd party, we also may find risks our clients overlooked and perform official security compliance audits as well.
So, what to do about the risks? Realize that not every risk can be entirely eliminated. The question is, how much risk can you tolerate? Time and money are involved; some risks must also simply be accepted.
We know the likelihood and impact of the risks we find. Then we develop a custom set of hardware, software, practices and configurations to bolster your security and reduce your risk to acceptable levels.
Don’t worry. We have years of this.