Information Security Risk Assessment

Do you REALLY know WHERE your security weaknesses are?

Our customers are assessed using our unique Information Security Assessment methodology based on the NSA-ISAM, NIST 800-53, and the Baldrige Cybersecurity Excellence Builder by NIST – a unique combination you will not see anywhere else, globally.  

We Provide Comprehensive Security Risk Assessments

At Atlant Security, we provide more than just an information security risk assessment for our clients. We will also provide consulting on every finding we discover so you know exactly how to remove the security risk from your company for good. This will include a detailed action plan with steps to follow and clear objectives that we will ensure you achieve so you stay clear of security breaches that can cost your business valuable time and money. This means we offer an all-in-one solution to your business so you don’t have to go and spend more money elsewhere.

Experience a blend of assessment and consulting in one.

14 areas to DIG INTO
14 DAYS
1 SECURITY ASSESSMENT

Forget the boring reports. We develop a complete Information Security Program for you, with detailed steps to follow for your technical team. We have done this for banks and nuclear power plants in the past – it is your turn to go through our assessment!

Password & Access Management

People store passwords everywhere and reuse their online shopping password for their corporate email! To top it off, their password is [email protected] or its variation and is guessed in 5 minutes. We help discover all such practices.

Attack Mitigation

We check for existing mitigation controls for 17 types of cyber attacks: account compromise, unauthorized access, ransomware, network intrusions, malware infections, sabotage, security policy violations, etc.

Security Awareness Training

We will check the effectiveness of any existing security awareness efforts in the client's business.
We will also find all business areas where the employees are particularly vulnerable to social engineering attacks and in need of additional specialized training.

Cloud Security Architecture

Microsoft 365 has 280+ security settings. Amazon Web Services and Azure have hundreds of security configuration options, too - we will discover and document all security improvement opportunities in your cloud infrastructure.

IT Infrastructure Security Assessment

We help our customers discover weak security configuration in their IT infrastructure by checking Server & Network Device Hardening, Desktop Hardening, Network & Web Service security, Data Security, Backups, etc.

Vulnerability management

How many vulnerable machines / apps can a company have in its network?
How effective is your Vulnerability management program?

Email & Communications Security

Can your email access be easily compromised and in which ways?
Can hackers access your instant messaging communications?
Can information be easily leaked via email?

Penetration Testing

3 questions:
1) Have you ever performed a penetration test?
2) Was it performed in the best way possible or did you do it just for compliance reasons?
3) Do you want to experience a proper penetration test?

Secure Software Development

Software development should be a rapid, secure and efficient process. Do you follow the right secure software development best practices and if not, which ones should be implemented urgently? Our security assessment will find out!

Security Policies and Procedures

Policies and Procedures are the governing laws of a company's business. Are yours in use? Are they effective? Do they hamper your business in any way? Let us find out!

Secure Remote Access

Secure Work From Home is one aspect of remote access, but what about third party partners and outsourced employees, vendors and guests? Remote access to sensitive data is not limited to VPN.

Zero Trust Networking

And this is exactly why we expand your defenses beyond VPN and add Zero-Trust as your main principle of defense. Are you ready to move on to the next era of access control already used by Google, Microsoft and many others?

Advanced Endpoint Security

Antivirus is just one of 12 controls we look for to see how protected your endpoints are from advanced hacking attacks. These controls help prevent the exploitation of these devices via malicious documents, scripts, 0day vulnerabilities and more.

Security Monitoring

Can you detect an attacker in your network today? If not, how are you sure they are not in your network? We will test your security monitoring capabilities and suggest concrete actions to strengthen them.

Plus much More

Every Information Security Program we build and execute for our clients is different. Their teams, infrastructure, applications used and business objectives differ, and we often expand our services to serve them better.

Experience what it's like to be stress-free

Let us take care of cybersecurity for you!

How Do Our Information Security Risk Assessments Work?

Step 1: Information Security Assessment

The only way to map a customer’s security journey is to assess where they are and where they want to be in a year.

  1. We assess your current security controls in every one of the 14 areas above and find the critical items which pose the greatest, immediate risk of a security breach and generate a plan to rapidly close the gaps with compensating controls

  2. We also identify the medium-rated and low-rated threats, vulnerabilities and missing controls and include them in the Information Security Program Plan that we create for you as an output of the assessment

Step 2: Get your Security Program Plan

The output of the Information Security Assessment is a detailed report with deeply technical step-by-step recommendations, but the real value of the assessment is in the Information Security Program Plan you will receive.

  1. We then utilize the Information Security Program Plan as a list of objectives and help your team achieve every single one of them within a year

  2. Regardless of who manages your information security, they will be able to follow a strategic plan that follows business priorities to mitigate all findings discovered during the Information Security Assessment within just 12 months.

Identity & Access Management

Our Identity and Access Management service is part of the CISO as a Service and is an ongoing effort throughout the entire time we work with our customer. During that time, we identify all business information assets and all people having regular or administrative access to them. We also identify potential ways to attack or misuse the access and come up with compensating controls for them.

A critical part of this project is to educate the whole team of the customer on the importance of not reusing passwords and how to use a password manager efficiently.

An important objective to achieve with any customer is reaching passwordless authentication – something we achieve with a combination of services from Google (FIDO2), Microsoft (passwordless authentication), Yubico and utilizing biometrics and physical security.

Attack Mitigation

Every company has a different threat landscape due to the data it holds, its customers and competitors and the resources it operates with.

Due to this, there are different attack methods hackers can use to compromise the security of the company and achieve their objective – to steal money directly from the accounting department, to steal confidential data or even hold the company for ransom, as it happened with this famous law firm security breach.

We take all of this into account, but we also cover the fundamental types of attacks with all our customers when conducting an information security risk assessment.

  1. Intrusions against networks
  2. Ransomware infections
  3. Malware infections
  4. Unauthorized release or disclosure of information
  5. Unauthorized access
  6. Account compromise
  7. Abuse of privileges
  8. Unauthorized changes of sensitive information, applications, systems or hardware
  9. Information security policy violation
  10. Suspicious system behavior
  11. Password confidentiality breach
  12. Sabotage / physical damage
  13. 0-day exploitation
  14. Phishing attacks
  15. Spear Phishing attacks
  16. Web service breach
  17. Insider threats

We come up with compensating controls for all of the above and implement them for our customers depending on business priority and risk.

 

Let's get to work together!

We serve very few clients and take pride in our work. Can we become a great team and achieve amazing things together?
