Our methodology is centered on a baseline of best practice standards, applied to the given situation, and augmented by our years of experience.
The Cyber Security Health Check is designed to provide an independent review of an organization's overall cyber security posture. Performed at a high level, the assessment covers current practices and technology to identify potential risks and areas of improvement.
Our approach is a systematic process to evaluate the people, processes and technology of your IT environment, focusing additional time as potential areas of concern are identified. Our methodology is centered on a baseline of best practice standards, applied to the given situation, and augmented by our years of experience. We include on-site or remote interviews, documentation reviews and technical analysis. We can perform the assessment considering your specific compliance and regulatory requirements, help you identify those requirements, or perform a review based on common frameworks for security controls.
RubinBrown can further provide assistance with the creation of policies, incident response or business continuity plans, security awareness training, and remediation of identified vulnerabilities based on the results of the assessment as needed.
The assessment consists of the following key activities:
Senior members of our team will conduct interviews with key personnel. The team will review logs, alerts, reports, consoles and configurations, as appropriate, along with relevant policies and procedures in order to identify strengths and potential weaknesses in the environment.
During the assessment, we will gain an understanding of the IT environment and infrastructure, the role of your IT personnel, documented and undocumented processes, and the physical security of the environment. Key aspects of the review are to trace data flow (inbound and outbound) of sensitive information, identify key/high-level compliance requirements (e.g., HIPAA, PCI DSS, CMMC, privacy, personally identifiable information), identify key controls and identify points of potential weakness.
During the on-site assessment, we will assess the physical security and environmental infrastructure of the facilities. Our team regularly works with clients to leverage phone, video and screen sharing technologies to perform assessments with the right mix of remote and on-site support.
We recommend integrating an external network penetration testing effort and an internal network vulnerability assessment and segmentation testing. These technical efforts provide detailed information we will use to help you eliminate any vulnerabilities in your system. Further services, such as wireless penetration testing and web application vulnerability assessments, are also available.
Our reports include a combination of management information in the executive summary, actionable recommendations, and supporting technical details.