Security Assessments

Defining the Art of Cybersecurity

CYBERSECURITY PROGRAM

Risk Assessment Overview

The Cybersecurity Risk Assessment involves working collaboratively with DC Consulting’s team to design, assess, identify gaps, and report on the strengths and/or weaknesses of your organization’s cybersecurity program. These results help your IT team develop, implement and maintain a comprehensive cybersecurity program to protect your company’s critical IT resources and information assets.

Design

Assess

Report

Identify

Key deliverables from the cybersecurity assessment

The assessment results enable the organization to document key business applications, IT resources, and information assets, understand and communicate the current state of cybersecurity, and improve the cybersecurity risk profile over time.

System Security Plan (SSP)
Current Risk Profile (RP)
Plan of Action & Milestones (POA&M)
Executive Report

Cybersecurity Risk Assessment Frameworks and Controls

The Cybersecurity Risk Assessment is based on industry best practices including the NIST Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF).

The cybersecurity controls are based on the Center for Internet Security (CIS) Critical Security Controls. The RMF / CSF Framework and CIS Controls will be implemented and managed for the client’s critical IT systems and business applications.

Cybersecurity Risk Assessment Approach

Collect Information

Conduct a kickoff meeting to collect pertinent information from the operations team (network diagrams, user-access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.). The client will assign resources to work with DC Consulting LLC to complete the assessment and associated documentation.

Draft Plans

Based on information gathered in Step 1, complete the draft System Security Plan (SSP) and the draft Cybersecurity Risk Assessment (CRA).

Validate Assumptions

Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to validate any assumptions regarding the network diagrams, user access diagrams, data flow diagrams, asset inventories, security tools inventories, manager names / roles, etc.

Document Maturity

Review the results of the draft System Security Plan (SSP) and draft Cybersecurity Risk Assessment (CRA) with the client to understand and document the relative maturity of the security controls based on the CIS Critical Security Controls.

Client Review

Once all questions have been answered and unclear areas clarified, the draft reports will be shared with the client management team for review and comment.

Delivery

After final feedback is received from the client, and all critical assumptions, business and technical solutions, controls, control gaps, etc., are documented and approved, the final documents (System Security Plan, Current Risk Profile, Plan of Action and Milestones, Executive Report) will be delivered to the client program lead.

GET A COMPLIMENTARY CONSULTATION

Get an independent analysis of your technical environment based on up-to-date knowledge of the latest security trends and global threat intelligence.
DC Consulting © 2021. All rights reserved.