Evidence Based Risk Assessment

The goal of this post is to emphasize the importance of conducting concrete, detailed, evidence-based risk assessments.

That is, not merely a spreadsheet-based (Excel) assessment, which will not surface the detailed results that companies are looking for and actually need. Controls should be tested against real attack scenarios, not only scored on paper.

See key pillars below, and contact us for more information.

Map and understand:

  1. Project alignment 

  2. Understand the company’s environment

  3. Interviews with key stakeholders

  4. Conduct BIA (business impact analysis) for assets and systems

  5. Create a Threat Heat Map, then derive an Attack Vector Map from it (which threats apply, and by which paths they reach the assets identified in the BIA)

Risk assessment and gap analysis:

  1. Assess the effectiveness of security controls with respect to the attack scenarios in the Threat Heat Map

  2. Assess strengths and gaps across Prevention, Detection, Response and Recovery

  3. Conduct a gap analysis with respect to best security practices and regulations (such as NIST, ISO, SOC/X)

Attack simulation:

  1. Challenge security controls in a controlled and safe way (agreed scope, rules of engagement, and rollback for any change made during testing)

  2. Answer the question: How secure are we?

  3. This phase adds testable and empirical elements to the risk assessment process, which is what makes it evidence based

  4. Red Team exercise

Concrete mitigation plan:

  1. Define concrete and prioritized risk mitigation recommendations

  2. Define an operational plan to bridge the gap between risk/regulatory requirements and the current state

  3. Accounts for current threats and the security controls already in place

  4. Time-efficient and practical

Kleid Security

CISO Services - Web 2.0 and Web3.

https://kleid.xyz/