Security Risk Assessment
The extraordinary opportunities offered by technological evolution and digital transformation also entail numerous risks in terms of cybersecurity. Being adequately aware of these risks and understanding how ready the company is to manage them is the starting point for effectively addressing potential security incidents.
The objective of the service is to examine the company's current situation in terms of corporate security in the face of cyber threats and provide recommendations for appropriate improvement actions.
The Security Risk Assessment service of Safecore
ANBOindustry Safecore Security Risk Assessment is developed according to the model proposed by ISO 27001. It provides an initial assessment of the company's level of maturity in information security and highlights the main shortcomings in the protection of personal data compared with what is required by EU Regulation 2016/679 (GDPR).
The Security Risk Assessment service assesses a company's risk and highlights IT security deficiencies attributable to inadequate security management, to problems of a technological nature, or to the lack of a shared culture of corporate security.
It also gives you an impartial, specialist view and assessment of how corporate IT security is managed, together with a series of remediations commensurate with the real risks to the business.
What does the service consist of?
MANAGEMENT & CONTROL
TECHNOLOGY
HUMAN FACTOR
The activities foreseen by the service
The information collection activity is divided into two types of research: OSINT and Digital Footprinting.
OSINT and CLOSINT: the analysis of information in the public domain (Web, Dark Web, Deep Web), aimed at finding company-related data useful for planning an attack and at monitoring the unauthorized dissemination of confidential information such as exposed credentials and known vulnerabilities.
Digital Footprinting: an activity aimed at mapping a company's online exposure in a detailed and complete manner, including IP addresses, services, domains and subdomains.
ASSESS: an evaluation phase during which Mpg System, through simulated phishing tools, provides a detailed view of the state of the company's security culture, highlighting the real risks to which the lack of cyber training exposes it, with the aim of evaluating the corrective actions to be undertaken.
Activities aimed at identifying, analyzing and classifying any vulnerabilities present in company systems and applications. This activity makes it possible to detect the level of security of the entire company infrastructure.
Based on the results of the analysis phase, an action plan is proposed aimed at achieving an optimal level of security, as well as greater compliance with the requirements of the current European general regulation on data protection, EU 2016/679 (GDPR).
Who we recommend a security risk assessment for
For companies interested in an initial assessment of the state of their IT security.
For companies that want to improve their internal cybersecurity, but are unsure how to proceed.
For companies that want to monitor their compliance with regulatory standards and make improvements where necessary.
For companies that wish to evaluate their level of awareness of IT security, with the aim of subsequently starting a training course in this area.