Cybersecurity Assessment

Following the NIST’s cybersecurity risk management framework (RMF), D-Tech has developed a comprehensive cybersecurity risk assessment methodology called RiskQuantifier™ based on NIST standards (NIST SP 800-53, SP 800-39, SP 800-37 and SP 800-30). Unlike most practices in cybersecurity risk assessment today using a qualitative approach that is subjective, inconsistent and often time-consuming, RiskQuantifier™ uses an asset-driven approach to identify and measure cybersecurity risks in a quantitative, consistent and systematic fashion, enabling organizations to streamline their cybersecurity assessment and risk management processes efficiently and cost-effectively across the entire enterprise. The key components in RiskQuantifier™ consist of asset identification, risk impact determination, vulnerability identification with standard scores, association of vulnerability to security controls, exploit pathway analysis, and calculation of risk factors. In addition, RiskQuantifier™ will help organizations reach a higher maturity level of cybersecurity risk management with a consistent and repeatable process. D-Tech’s service offerings under the RiskQuantifier™ practice include:

  • Review of existing cybersecurity policies and procedures
  • Development of organization-specific cybersecurity policies, guidance and roadmaps
  • Enterprise-wide asset identification and risk impact analysis
  • Vulnerability identification, data collection and assessment
  • Development of continuous assessment and monitoring tools and practices
  • Assess control (both physical and network) and exploit pathway analysis
  • Development of risk calculation matrix and tools
  • Compliance auditing support and risk assessment reporting
  • Training of cybersecurity risk assessment processes and practices

For more information about this service offering, please send us your inquiry via the contact form.