Your organization is looking to complete a point-in-time security gap analysis to understand risks to the business, client data and operations. A thorough assessment of your technical controls, policies and procedures will provide you a clear and prioritized path on how to improve your security program.
The engagement – benchmark assessment, roadmap recommendations and prioritization
Kobalt.io will perform a cyber security gap analysis covering the following areas:
Working with the client, Kobalt.io will help to identify 3-4 primary areas of concern to evaluate the existing security program’s effectiveness. Examples of common threat models include ransomware attacks, business email fraud, data breach by external attackers, insider misuse.
Controls, policies and procedures
Kobalt.io will evaluate the client’s security program across the following domains:
- Inventory controls – Hardware, Software, Data and Cloud Services
- Security Awareness Training
- Patching and Vulnerability Management
- Policies and Standards
- Backup and Restore Capabilities
- Controls: Anti-Malware, Email, Web, Firewalls
- Account Management and Access Privileges
- Incident Response
Kobalt.io will conduct one or more gap assessment interviews with provided technical contacts via Zoom. This will consist of up to two, two-hour sessions reviewing controls, policies and procedures against the above domains. Kobalt.io will also gather additional information to establish a threat model, understanding of key and critical assets (systems and data) and perform a baseline ransomware readiness assessment.
Report and Roadmap
Kobalt.io Security Inc. will deliver within 30 days from scheduled interviews (assuming client availability for interviews) a written report detailing strengths and weaknesses of their organization against the above domains, readiness to deal with threats identified in the threat model and a high level strategic security program roadmap with prioritized recommendations. Kobalt.io will also provide a copy of our External Discovery report that provides a detailed summary of exposed service risks and look-alike domains.
Kobalt.io will deliver a 60 minute executive briefing of the findings, and be available to answer any questions about the report. If there are further actions requested post report-delivery these would be part of a subsequent agreement and engagement.
90 Days to Better Security
The Kobalt.io Security Gap Assessment is part of our 90 Days to Better Security Program. Based on the findings in the report and executive review, Kobalt will propose a tailored security program to help address prioritized risks.
Days 01-30: Execute Gap Assessment and Executive Review
Days 31-60: Tailor Security Program Service and Complete Agreement
Days 61-90: Begin execution of Security Program to reduce risks
Kobalt.io assesses, develops and runs cyber security programs for small and mid-sized organizations. Kobalt.io partners with our clients using industry standards and best practices, shared service platforms and an extensive team of specialists to help level up their cyber security programs in a timely and cost-effective fashion.