Cyber Security Risk Quantification (“Scoring”) is a useful and novel mechanism for getting a “wrapped up” way to communicate your total web platform exposure. It’s really useful for communicating a common standard and as a mechanism for comparing and contrasting your exposure with other organisations; either those you work with, supply to, are supplied by, or even compete with.
But for the organisations who are interested in their personal exposure and how to improve upon it then it can seem a little limiting. In that instance what you really want to know is:
- What are my issues?
- Which ones should I fix immediately?
- And which ones should we budget to fix?
- Which ones are safe to sign off the risk?
- What should be my “remediation pathway”?
And that’s why we are delighted to give you your Cyber Risk Score for FREE. Our customers tell us they need more than just a “wrapped up score”, they need to understand their exposure and plan how to address it.
This is where our cyber security risk management platform comes into its own; we provide multiple views and ways to appreciate and understand your individual exposure.
How we help you tackle these issues and help you towards a remediation plan include:
- Re-score function and Re-score reporting – get visibility in how your Score would improve if you addressed certain issues and vulnerabilities (first image)
- Risk Impact Distribution report – showing you where your exposure lies in terms of urgency of remediation (second image)
- Risk Impact Analysis summary – summarising your impact versus likelihood analysis and providing a suggested “remediation pathway” (third image)
- SSL Certificate Health Checks – get detailed feedback on the health of your SSL certificates
- Port Scanning and Vulnerability analysis – get detailed information on your infrastructure open ports, what protocols they are serving, what software (and the patch levels) supporting those protocols, and what exploitations they are vulnerable to
- Subdomain Discovery – ensure you get visibility of all your sites
- Web site code and configuration scanning – both:
- Non-intrusive, passive, static code analysis
- Intrusive, active, dynamic code analysis
- Issue and vulnerability breakdown – view your issues and get detailed information on what they are and how you can address them
- Page breakdown – view your worst offending pages and get visibility into exposure “hot spots”; we even list out your bad links and missing pages
- Issue versus Likelihood analysis – Cyber Tzar approach of quantifying issues into potential impact (on your platform) and the likelihood of exploitation (given automated tools to exploit that issue or even familiarity and age of the exploits involved)
- Change over Time – track your progress and see how well you are doing over time and how the changing threat landscape impacts you
- Marketplace Benchmarking – understand how you compare to your marketplace and to your “nominated” organisations
- Supplier and supply chain analysis – when running supplier assessments or performing corporate due diligence on organisations that hold your staff and customer information
Cyber Tzar’s approach is entirely quantitative and based exclusively on the identification of known vulnerabilities in your IT Estate, the resulting Cyber Security Scores are accurate, reliable, predicable and repeatable.
Get your Cyber Tzar Cyber Risk Score for absolutely FREE now and every subsequent month.
Now that’s “well solid”!