Security Risk Assessment
      
      
      
  
      
                            
Safeguarding sensitive data is paramount, especially for organizations handling information from vulnerable populations like low-income families, children, and the elderly. Nonprofits face unique challenges in defending against cyber threats, and a comprehensive Security Risk Assessment is essential to address these risks effectively.
This assessment covers the risk and vulnerability aspects of your entire organization's infrastructure. We'll take a deep dive into four sections:
    
            
- Threat Landscape
- Vulnerabilities
- Critical Assets
- Risks

        Service Details
      
      
      
All Security Risk Assessments include a number of targeted assessments:
Data Flow Assessment: A data flow risk assessment examines the security vulnerabilities inherent in the flow of data within a network. This assessment scrutinizes potential risks like unauthorized data access, data leakage points, or insecure data transfer protocols that could jeopardize the confidentiality or integrity of sensitive information.
Control Assessment: A Cybersecurity Controls Assessment using CIS v8 involves evaluating an organization's adherence to the Center for Internet Security (CIS) Controls Version 8 framework. This assessment examines the implementation of security measures across various domains such as asset management, access control, and incident response. By assessing compliance with CIS v8, organizations can gauge their readiness to mitigate cyber threats effectively and enhance their overall security posture.
Vulnerability Assessments: Vulnerability scanning is a proactive cybersecurity process that involves scanning computer networks, systems, and applications to identify potential security weaknesses and vulnerabilities. These vulnerabilities could include software flaws, misconfigurations, or outdated versions that could be exploited by attackers to gain unauthorized access or disrupt operations. 
 
The following scans will be conducted:
- A scan of your organization’s firewall utilizing the Metasploit toolkit
- A scan of your organization’s website utilizing the Zaproxy web scanner
Tech Impact will prepare and discuss recommendations for improving your organization’s security. All recommendations will balance cost, user impact, administrative overhead, and potential security benefits. Tech Impact will provide the following:
- Risk Assessment Report
- Critical Asset Register
- Risk Treatment Plan
- Risk Assurance Plan
- Website Scan
- Network Penetration Scan
- Server Assessment
Tech Impact will conduct a wrap-up presentation and Q&A session either concurrent with or following the delivery of the final report. 
The duration of this project is typically 4-6 weeks from the project start date, which will be mutually agreed upon within a week of the execution of this contract.
Tech Impact will be available to answer follow-up questions about this assessment for 30 days following the conclusion of the project. Tech Impact can provide additional support via follow-up implementation projects, and/or through a separate systems support contract, which provides a monthly allotment of support hours starting at 2 hours per month.
“We were looking for support from Tech Impact that could complement our internal team’s ability to help us focus on improving cybersecurity protections. Moving systems to the cloud is great, but it also comes with a lot of risks and issues we needed to plan for. Together, we've beefed up our security, implemented staff training, and audited our entire ecosystem so we all feel confident in our network, users, and systems.”
 
   
   
  