Risk Assessment

Agile Defense with NIST Controls

Agile Defense: In the past, information systems security often focused simply on perimeter defense, wrongly assuming that a strong perimeter was the only defense needed. Then, as regulations became more complex and more legal, infosec became more “compliance-centric”, trying to pass the security audits required by law. Compliance-oriented security produces reams of paperwork and […]

Documentation

Risk assessment report

Control Recommendations

The goal of the controls is to reduce risk to a level that is acceptable.

Risk Analysis

Control Analysis
Likelihood Determination
Impact Analysis
Risk Determination

Patch Management

Patch Management is a critical part of security.

Vulnerability Identification

Vulnerability lists and system testing

Threat Identification

Natural (storms), Human and Environmental (power failure)