Security Risk Assessment

Safeguarding sensitive data is paramount, especially for organizations handling information from vulnerable populations like low-income families, children, and the elderly. Nonprofits face unique challenges in defending against cyber threats, and to address these risks effectively, a comprehensive Security Risk Assessment is essential.

Request Your Security Risk Assessment

OUR APPROACH

This assessment covers risk and vulnerability assessment of your entire organization's infrastructure. We'll take a deep dive into four sections:

 

Threat Landscape

Determine who or what might pose a threat to your organization and how they may attempt to compromise critical assets.

Vulnerabilities

Simulate attacks to uncover vulnerabilities that can be exploited by threat actors and review security controls needed to fill these gaps.

Critical Assets

Identify your organization’s unique critical assets by building an understanding of what is most important and defining how it should be protected.

Risks

Identify and understand the broad spectrum of risk, defined as an unrealized future event causing negative impacts on an organization.

Service Details

All Security Risk Assessments include a number of targeted assessments:

Data Flow Assessment: A data flow risk assessment examines the security vulnerabilities inherent in the flow of data within a network. This assessment scrutinizes potential risks like unauthorized data access, data leakage points, or insecure data transfer protocols that could jeopardize the confidentiality or integrity of sensitive information. 

Control Assessment: A Cybersecurity Controls Assessment using CIS v8 involves evaluating an organization's adherence to the Center for Internet Security (CIS) Controls Version 8 framework. This assessment examines the implementation of security measures across various domains such as asset management, access control, and incident response. By assessing compliance with CIS v8, organizations can gauge their readiness to mitigate cyber threats effectively and enhance their overall security posture. 

Vulnerability Assessments: Vulnerability scanning is a proactive cybersecurity process that involves scanning computer networks, systems, and applications to identify potential security weaknesses and vulnerabilities. These vulnerabilities could include software flaws, misconfigurations, or outdated versions that could be exploited by attackers to gain unauthorized access or disrupt operations. 
 

The following scans will be conducted:

  • A scan of your organization’s firewall utilizing the Metasploit toolkit
  • A scan of your organization’s website utilizing the Zaproxy web scanner

Tech Impact will prepare and discuss recommendations for improving your organization’s security. All recommendations will balance cost, user impact, administrative overhead, and potential security benefits. Tech Impact will provide the following:

  • Risk Assessment Report
  • Critical Asset Register
  • Risk Treatment Plan
  • Risk Assurance Plan
  • Website Scan
  • Network Penetration Scan
  • Server Assessment


Tech Impact will conduct a wrap-up presentation and Q&A session either concurrent with or following the delivery of the final report. 

The duration of this project is typically 4-6 weeks from the project start date, which will be mutually agreed upon within a week of the execution of this contract.

 

Tech Impact will be available to answer follow-up questions about this assessment for 30 days following the conclusion of the project. Tech Impact can provide additional support via follow-up implementation projects, and/or through a separate systems support contract, which provides a monthly allotment of support hours starting at 2 hours per month.