SECURITY FUNDAMENTALS – CONTROLS ASSESSMENT
LMG developed a list of “Security Fundamentals” that organizations can use to develop an enterprise-wide security program. These controls are intended to provide high-value, impactful, actionable recommendations to get you moving in the right direction.
LMG’s team will:
- Evaluate your technical and administrative cybersecurity program and controls in 10 key areas, including Access Control, Software Lifecycle Management, Detection & Investigation, and more!
- Interview key personnel and management to understand your organization’s priorities and pain points to provide context for the assessment.
- Produce a report identifying any gaps among the 10 key activities and the essential security controls that support each one.
- Provide actionable, realistic recommendations to help your team strengthen your security program and reduce risk.
- Capture top successes and top areas for improvement in the report’s executive summary, plus a visual “scorecard” to illustrate strengths and weaknesses at a glance.
SECURITY FUNDAMENTALS – RISK ASSESSMENT
LMG will identify the top cybersecurity threats to your sensitive information and critical systems, then evaluate the risk level and provide actionable recommendations to reduce risk to your organization.
- Leverage our first-hand knowledge of current threats we are seeing in the wild, such as ransomware, data breach, and business email compromise.
- Interview key personnel and management to understand your organization’s mission sensitive data, critical systems, existing security controls, and any vulnerabilities that could be exploited.
- Assess the likelihood and potential impact of various risk scenarios.
- Calculate risk levels according to the NIST SP 800-30 standard.
- Produce a risk assessment report summarizing each threat and the associated risk to your organization.
- Provide actionable, prioritized recommendations to help your team reduce risk related to these top threats.
SECURITY FUNDAMENTALS – TECHNICAL TESTING
LMG will perform automated multilayer vulnerability scans on your internal and external network to identify vulnerabilities within your current network architecture.
- Vulnerability scans of Internet-facing systems
- Vulnerability scans of internal network
- Raw vulnerability scan results
- 1-3 page report outlining top findings and recommendations
- Scorecard with summary of findings