Risk Assessment

34% of businesses affected by a malware attack couldn’t access their data for a week thereafter.     – 2021 Cybersecurity Statistics

Security risk assessments, or security audits, are essential for discovering risk and defining appropriate mitigation strategies that fit your company’s objectives. Without such strategies in place, many companies are not prepared to deal with cybersecurity attacks. In fact, according to a 2021 survey 34% of business who were affected by a malware attack couldn’t access their data for a full week thereafter.

To avoid these pitfalls, Security Tapestry reviews your policies, procedures, training, and current safeguards to determine your cyber risk. After these assessments, you can see which security controls have a strong protection from cybersecurity attacks and which ones need adjustments. The different types of security controls we assess during this process are outlined below:

Administrative Safeguards

Policies and procedures revolving around the administrative side of protecting networks and resources. These may include information about termination procedures and requirements, when training is conducted, sanction policies, etc.

Physical Safeguards

Policies and procedures used to protect the physical networks and resources. These safeguards might include locks on doors to server rooms, how access to the server room is granted, and who has the authority to grant access.

Technical Safeguards

How well networks and resources are protected technically. This includes procedures on granting access to pertinent data, encryption, anti-virus and anti-malware software, and information gleaned during the vulnerability scan and penetration test.    

Next Step: Security Tests

After we complete your initial security risk assessment and gap analysis by reviewing your key assets, current security strategy, controls, and IT infrastructure, the next step is security testing. This includes penetration testing, vulnerability scanning, and social engineering tests used to diagnose actual vulnerabilities in specific areas of your security infrastructure.

Defining Mitigation Strategies

Using information gathered from the security risk assessment and security testing processes, Security Tapestry will prioritize your top vulnerabilities and recommend strategies to mitigate those risks. We will provide a final report for the purpose of defining future security protocols, determining budgets, and implementing security risk mitigation solutions.