The evolving sophistication of criminal activity and expanding capabilities of cyber-terrorists compels us to be vigilant in protecting cyber assets. Our cyber infrastructure is a primary conduit of our economy and an integral part of service and goods delivery. Protection must be comprehensive— accounting for people, movement of information and data, as well as all supporting technology components.
Threat Analysis Process – Through research, testing and the perfection of unique threat-based strategies, the agency has determined the most efficient way to analyze threats. This process can be used to create a response plan.
- Identifying Threats – To identify threats, gather data and information from previous events and multiple data sources. Once the information is accumulated, it can be organized and analyzed.
- Profiling Threats – Cataloging identified threats into profiles that include more detailed information. The profile should include the type of threat that is identified, the probability of its occurrence, any relevant history, and its consequences. Being preparation is key in threat analysis. This places key importance on the proper collection and organization of detailed information.
- Developing a Profile – After the threat profile is created, a profile of similar design is created. By cross-examining the information, a more refined projection of potential threats can be developed. These details reveal the potential damages that could occur and serve to guide the preparation of response plans.
- Determining Vulnerability – Threat profiles in tandem with other profiles to analyze threat factors and prioritize response systems. The analysis will identify the most present threats by comparing the vulnerabilities with the threat’s damage potential.
- Creating and Applying Scenarios – This involves the creation and application of disaster scenarios. These scenarios are intricate and realistic enough to mimic an actual event. To achieve this, the scenarios include the initial warning, predicted impact, possible trouble areas, and the response to damage, finite resources and possible consequences. These scenarios are tested repeatedly with different variables and are updated with new information, so the threat analysis is always ahead of the actual threat.
- Creating a Plan – The process of threat analysis is having a plan. These are comprehensive guidelines for creating efficient, effective plans that can be used in both the private and public sectors.
Cyber & Risk Assessment – Dnutch cyber assessments provide insight into cyber infrastructure capabilities and vulnerabilities. We look both internally and at key third parties to examine the design and performance of cyber related components. The Dnutch risk assessment model reviews seventeen essential cyber security areas and provides an in-depth look at systems, policies, procedures, and configurations to identify any the gaps and weaknesses.
Vulnerability Scanning – Validating actual configurations and extracting detailed information about potential risks is accomplished with targeted and black box scanning. Vulnerability scans can be focused on a variety of government and industry regulations and parameters including PCI, DSS, NERC, FISMA, SOX, GLBA, HIPAA, and COPPA.
Penetration Testing – Running controlled penetration tests validate vulnerabilities and the effectiveness of counter measures. Penetration testing provides demonstration of potential impacts and help drive prioritization of efforts to address issues. Tests can include exploits related to social networking use and the growing instances of threats leveraging this growing segment of how people interact and communicate.
Design & Implementation – Leveraging experience in both the public and private sectors, Dnutch custom-tailors cyber security programs to address an organization’s specific structure and compliance needs. We work with the organization to define processes and procedures to guide steps related to cyber security elements. We develop frameworks to prioritize, plan, and manage efforts effectively—while ensuring frameworks for the proper oversight and governance are in place.
Cyber Security Expertise:
- Information Assurance of Critical Infrastructure
- Integration Vulnerability Assessment and Penetration Testing (SAINT)
- ISO/IEC 17799:2005 Compliant Solutions
- Payment Card Industry (PCI) Standards
- Federal Information Security Management Act (FISMA) Support
- Health Insurance Portability and Accountability Act (HIPAA) Support
- Risk Assessment & Risk Management Framework
- Information Assurance Inspections and Audits
- Critical Infrastructure Continuity and Contingency Planning
- Emergency Preparedness & Disaster Recovery
- Training and Awareness Programs
- Exercise and Simulation
- Enterprise Information Systems Security Oversight Program
- Information Technology Infrastructure Library (ITIL)
- Control Objectives for Information and related Technology (COBIT)