Want to identify cybersecurity issues within your organization? One surefire way to do this: fall victim to a cyber attack. While "trial by fire" isn't ideal, it certainly exposes security gaps across every part of the business. On the other side of the incident, detailed reports reconstruct the attack, outline the vulnerabilities that were exploited, and point the way to remediation that closes the loop on exposure. A more proactive approach is to perform risk assessments of network services and devices before an attacker does: identify each weakness, rate its severity, and pinpoint the steps to address it. Let's look at the steps you should take as you prepare to assess your organization's cybersecurity posture.
Step 1. Identify stakeholders, scope, and scale
While the scan of networks and devices is the foundation of a risk assessment, a level of planning needs to occur first. Identify the stakeholders of the project (management, IT department members, system owners, etc.) who will be part of the conversation. This team then determines the scope and scale of the project: which devices, services, and subnets should be targeted and which are off-limits (for example, fragile production systems or equipment that cannot tolerate a port scan). The team should also agree on a timeline and testing window so the scan doesn't negatively impact business continuity, and confirm that whoever runs the scan has written authorization to do so. These rules of engagement should be documented, adhered to, and preserved for future reference and additional scans; a scan that strays outside them is no longer an assessment but an incident.
Step 2. Collect information and scan data
Now that rules and scope are established, it's time to get to work. Gathering information on devices, networks, and open service ports reveals which applications and services are running on each device. From there, a fingerprint of each device (operating system, service names, product versions) narrows the testing and provides significant insight into potential vulnerabilities. Before the scan runs, the assessment tools must be configured to match the project's rules of engagement and scope, so that excluded hosts are never touched and only the agreed subnets are probed. Upon completion, the large amount of raw data needs to be correlated and grouped (by host, by service, by severity) into reports at the level of technical detail each audience needs.
Step 3. Perform risk assessment and remediation
Now that the assessment results are complete, verified, and organized, the stakeholders should reconvene to perform the risk assessment and decide how to treat each finding: mitigate, accept, avoid, or transfer the risk. It's essential to keep in mind that each system may have a unique set of requirements, so risk treatment will likely require a different solution for each system on the list. To minimize risk and remediate concerns quickly, a clear plan of action agreed in the rules of engagement helps resolve issues and get devices and services swiftly secured. Ideally, the stakeholders begin with the high-priority findings first, moving down the list to the low-priority findings last. Upon completing the remediation, verify the findings have actually been corrected by scanning again and comparing the results with the original baseline, so that closed issues, issues still open, and any new (or previously missed) issues are all visible.
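The three steps above (enforce the rules of engagement, correlate scan data into groups, re-scan and compare against the baseline) are easy to get wrong by hand, so here is a small Python script that does them over nmap-style XML output. This is an added example, not UPSTACK's code or any supplier's product: the scan output is constructed for illustration, the in-scope subnets and excluded host are hypothetical rules-of-engagement values, and the severity table is a hypothetical weighting (cleartext remote-access protocols ranked highest because they expose credentials on the wire), not an authoritative rating.

```python
"""Scope enforcement, grouping and re-scan diff for a risk assessment.
Added example; scan data below is constructed, not from a real network."""
import ipaddress
import xml.etree.ElementTree as ET

# Rules of engagement (hypothetical values agreed by the stakeholders).
IN_SCOPE = [ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.2.0/24")]
EXCLUDED = {ipaddress.ip_address("10.0.1.50")}  # e.g. a production database host

# Hypothetical severity weights used only to order the report.
SEVERITY = {"telnet": "high", "ftp": "high", "smb": "medium", "http": "medium",
            "ssh": "low", "https": "low"}
_ORDER = {"high": 0, "medium": 1, "low": 2}


def in_scope(ip: str) -> bool:
    """True only for hosts inside an agreed subnet and not on the exclusion list."""
    addr = ipaddress.ip_address(ip)
    return addr not in EXCLUDED and any(addr in net for net in IN_SCOPE)


def parse_nmap_xml(xml_text: str) -> list[dict]:
    """Turn nmap -sV -oX style output into (host, port, service, product)
    records, silently dropping hosts the rules of engagement do not cover."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        if not in_scope(addr):
            continue  # out of scope or excluded: never reported, never touched
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = "" if svc is None else f"{svc.get('product', '')} {svc.get('version', '')}".strip()
            findings.append({"host": addr, "port": int(port.get("portid")),
                             "service": name, "product": product})
    return findings


def group_by_service(findings: list[dict]) -> list[tuple[str, list[dict]]]:
    """Correlate per-port records into per-service groups, high severity first."""
    groups: dict[str, list[dict]] = {}
    for f in findings:
        groups.setdefault(f["service"], []).append(f)
    return sorted(groups.items(), key=lambda kv: _ORDER[SEVERITY.get(kv[0], "medium")])


def diff_scans(baseline: list[dict], rescan: list[dict]) -> dict[str, list]:
    """After remediation: which findings closed, which are still open, which are new."""
    key = lambda f: (f["host"], f["port"], f["service"])
    before, after = {key(f) for f in baseline}, {key(f) for f in rescan}
    return {"closed": sorted(before - after), "open": sorted(before & after),
            "new": sorted(after - before)}


# Constructed scan output. 10.0.1.50 is excluded and 192.168.9.9 is outside
# the agreed subnets, so neither may appear in the findings.
BASELINE_XML = """<nmaprun>
<host><address addr="10.0.1.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
</ports></host>
<host><address addr="10.0.1.50" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="5432"><state state="open"/><service name="postgresql"/></port>
</ports></host>
<host><address addr="192.168.9.9" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
</ports></host>
<host><address addr="10.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host>
</nmaprun>"""

# Constructed re-scan after remediation: telnet was disabled, ftp was not,
# and a new HTTP listener appeared on 8080.
RESCAN_XML = """<nmaprun>
<host><address addr="10.0.1.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
</ports></host>
<host><address addr="10.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
</ports></host>
</nmaprun>"""

if __name__ == "__main__":
    baseline = parse_nmap_xml(BASELINE_XML)
    for service, hosts in group_by_service(baseline):
        print(f"[{SEVERITY.get(service, 'medium')}] {service}: {[h['host'] for h in hosts]}")
    print(diff_scans(baseline, parse_nmap_xml(RESCAN_XML)))
```

Two design points worth noting. Scope is enforced at parse time, so an excluded host never reaches the report even if someone scanned it by mistake, which makes the mistake visible rather than quietly normalizing it. And the re-scan diff keys on host, port and service rather than on the free-form product string, so a banner change after patching does not hide a finding that is still open.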
Step 4. Rinse and repeat
This process should be scheduled as part of the organization's ongoing change management process, since every new device, service, or configuration change can reopen exposure the last assessment closed. Regularly scheduled assessments of the business's security posture keep stakeholders informed of issues as they arise and, depending on the industry, keep the organization within its regulatory requirements.
Connect with one of our UPSTACK advisors to help guide you through the process and recommend solutions from a comprehensive group of security suppliers.