Systems must be compliant with Federal and internal policies, directives, and guidance, but any system that stops there isn’t as secure as it needs to be in this age of security threats. To make a system secure, there are a variety of services, tools, and practices that must be adopted. But adding security components without understanding how they fit into a single, consolidated vision is counterproductive and can leave security holes big enough for the skilled or the tenacious to exploit. So before making changes or jumping to conclusions about a system’s security, we audit a system using both qualitative and quantitative exploration from certified experts in the cybersecurity domain. We track our information within a Cybersecurity Scorecard, which is a heuristic technique that allows us to give a rating to ten criteria and receive an aggregate score that gives a reasonable understanding of a system’s surface of vulnerability and the work that may be required to harden it.
- Cybersecurity Scorecard – Practical Security [PDF]
Maintaining systems and network cybersecurity involves multiple disciplines and domains working in harmony against unknown threats. This scorecard addresses the practical side of cybersecurity with ten criteria designed to gain in-depth understanding of a system and recognize potential vectors. Contact us for an Excel version of the file.
Security Auditing
Our approach to systems and security auditing focuses on a qualitative and quantitative exploration of a multitude of variables from technology stack to finances to business goals and desired outcomes. While we have provided a sample of our cybersecurity scorecard, we encourage prospective clients who are interested in learning more or conducting an impartial, third-party assessment to contact us directly.