Cyber Risk Assessments by CRI Advantage
CRI’s cyber assessment offering was developed by security experts who worked for the world’s largest targeted entity, the US federal government. Our approach is to assess cyber protections from both a strategic and a tactical perspective. Our strategic review analyzes enterprise policies, required legal policies, and data at risk. We perform a risk assessment based on these artifacts. Our tactical approach consists of a technical assessment in which we analyze existing systems for vulnerabilities and configurations. Our assessment report combines our strategic and tactical findings with our recommendations. Customers can use our recommendations to further secure their environment.
- Virtual Desktop management: Workspot, Amazon Workspaces, Microsoft Azure VDI
- Remote IT Management tools: NinjaRMM, Itarian
- Remote worksite/home: assessment and enterprise design
- Bring Your Own Device (BYOD) management
- Review and improvement of management services: MS-O365, Google Business
- Endpoint protection services: VPNs, Firewall, Access management, Identity management
Which Cybersecurity Assessment is Right for My Business?
Audit Readiness Assessment
Audit readiness should never be an end goal in itself, but rather the natural byproduct of a robust program of internal controls and repeatable processes. Audit findings and the impact of findings can have positive and negative effects, so it can be valuable to know where your organization stands. Some audits, such as annual financial statement audits, require a more specialized review of controls, which can lead to more accuracy than a typical cybersecurity review. Readiness assessments can be performed at any point in the cycle, such as pre-audit preparedness or baseline/pre-remediation.
Cyber Program Assessment
Organizations that are just starting a formal cybersecurity program or those wanting to understand the return on investment and maturity of existing programs can benefit greatly from this kind of review. In addition to ensuring the program implements key best practice processes for an all-inclusive program, we examine some of the more challenging things such as how staffing, recruiting, and retention are handled, as well as managing the budget and utilization of cyber technologies in the organization from a return on investment perspective.
Many cybersecurity service companies perform a vulnerability scan and call the engagement complete when they hand over the scanning report from their tools. Our assessment services do typically involve scans, but also more in-depth examination of configurations and probing to obtain information that automated tools just can’t get. Our reports contain plain English descriptions of issues, risks, and remediation recommendations. We do not recommend something we are not able to fully explain, or that doesn’t apply to your environment.
Targeted Controls Assessments
Sometimes an enterprise-wide assessment isn’t needed. If there is a particular risk that needs to be examined, we can assess whether controls are present and operating effectively for targeted programs, processes, or technologies. Examples include:
- Ransomware Resilience
- Business Email Compromise
- Technology Operations (e.g., Configuration Management, Change Management, etc.)
- Procurement Fraud
Maintaining a continuous understanding of the many requirements involved with obtaining and keeping compliance with different regulations can be difficult and costly. We have extensive backgrounds in maintaining compliance programs in highly regulated environments and can help you achieve a compliance approach that works. We can also perform comprehensive compliance assessments to determine your level of compliance risk. Frameworks we currently assess for include:
- Sarbanes Oxley Act (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- North American Electric Reliability Corporation (NERC)
- Critical Infrastructure Protection (CIP)
What Should I Expect from a Cybersecurity Assessment?
Why CRI Advantage?
CRI Advantage has been a leader in cybersecurity, risk management, and security professional staffing for businesses, federal agencies, and state and local government departments for more than 30 years.
Our security engineers have Certified Information Systems Security Professional (CISSP) and related certifications and are proficient in forensic, discovery, network analysis, IA certification, and exploit tools. When you work with CRI, you are bringing cutting-edge technology to your team, along with the knowledge and experience to implement the most efficient processes. Whether you are a small, medium, or large business – we can help.