Risk Management

We work to develop unique risk management plans for each of our clients. These plans consider the client’s approach to governance, risk appetite, maturity of policies and procedures, and available budget. Such plans serve as roadmaps to help clients understand and mitigate their cyber risks. Available services to develop such plans include:

Advanced Penetration Testing (“White Hat Hacking”) and Red Team Exercises

Cybrella’s white hat hacking team tests networks, systems, and applications to identify security vulnerabilities that malicious hackers can exploit. This service can be run independently or in combination with a red team exercise. Red team exercises simulate a real-world adversarial attack on your network. These exercises are useful to identify potential vulnerabilities in your systems, your procedures, and in your team’s ability to defeat the threat.

Cyber Risk Assessment

At the beginning of each cyber risk assessment, we ask you to tell us about your business goals and functions. With this baseline, we then map involved actors, assets, and data entry points to identify criticality levels across datasets and personnel using the CIA (confidentiality, integrity, and availability) triad model. Using a variety of tools that include social engineering techniques, we will test your organizational policies and procedures, IT architecture and components, and access to both on-premise and cloud-hosted applications and services. Our assessment concludes with a gap analysis and recommendations to tighten your cyber posture and mitigate risks to critical workflows.

Application Security Assessment & Code Review

As part of a comprehensive application security assessment, we:

  • Interview the application’s architects, designers, and developers to understand its design characteristics and security vulnerabilities
  • Review the implemented settings of the application
  • Conduct a review to determine the status of patches and updates
  • Check application firewalls
  • Conduct penetration testing

We also conduct professional code reviews across a variety of programming languages. Our code review techniques utilize a combination of automated tools (managed and filtered by our professionals), manual testing, code examination, and interviews with the development team. The output of the review is a report that identifies vulnerabilities, concerns, and other items that may impact your organization’s cybersecurity.