Our approach to cybersecurity follows the Risk Management Framework (RMF) developed by the National Institute of Standards and Technology (NIST). Based on a risk-informed methodology, we collect data from the enterprise operational environment (including asset information, user access information, network and system monitoring logs, and threat intelligence), perform detailed analysis based on well-defined evaluation metrics and security policies, and produce comprehensive and quantified risk results for actionable decision making. Developed initially for the industrial control systems and the infrastructure industry, our cybersecurity solution can be extended and customized to support a range of application domains. Detailed capabilities include:
Quantitative Cybersecurity Risk Analysis
Asset-driven cybersecurity risk quantification based on NIST SP800 standards
Automated Vulnerability Discovery
Cybersecurity vulnerability discovery integrated with asset management based on NIST NVD
Cyber-Physical Integrated Defense
Normalized vulnerability measures of both cyber and physical security for integrated defense
Quantified Consequence Modeling
Consequence modeling to support industrial control systems and infrastructure facilities
For more information, please send us your inquiry via the contact form.