Cybersecurity Risk Management

Our approach to cybersecurity follows the Risk Management Framework (RMF) developed by the National Institute of Standards and Technology (NIST).  Based on a risk-informed methodology, we collect data from the enterprise operational environment (including asset information, user access information, network and system monitoring logs, and threat intelligence), perform detailed analysis based on well-defined evaluation metrics and security policies, and produce comprehensive and quantified risk results for actionable decision making.  Developed initially for the industrial control systems and the infrastructure industry, our cybersecurity solution can be extended and customized to support a range of application domains.  Detailed capabilities include:

Quantitative Cybersecurity Risk Analysis

Asset-driven cybersecurity risk quantification based on NIST SP800 standards

Automated Vulnerability Discovery

Cybersecurity vulnerability discovery integrated with asset management based on NIST NVD

Cyber-Physical Integrated Defense

Normalized vulnerability measures of both cyber and physical security for integrated defense

Quantified Consequence Modeling

Consequence modeling to support industrial control systems and infrastructure facilities

For more information, please send us your inquiry via the contact form.