Cyber Assessment – Basic
As part of LEANmade’s Cyber – Basic assessment we offer a fully scripted and automated technical discovery service, which can be used to build up a technical picture of the cyber risks facing your organization.
LEANmade Cyber Assessment – Basic covers the following topics and is designed entirely around common global standards (NIST, CIS)*:
- Risk Management – as per NIST RMF
- Inventory Management (Hardware) – as per CIS 1 – 1.8
- Inventory Management (Software) – CIS 2 – 2.10
- Continuous Vulnerability Management – CIS 3 – 3.7
- Control of Admin privileges – CIS 4 – 4.9
- Secure configuration – endpoints – CIS 5 – 5.5
- Monitoring – CIS 6 – 6.8
This Assessment helps to identify:
- Known and unknown devices on your network; this detects if any malicious devices are installed.
- Gaps in your vulnerability management program; attackers use vulnerabilities to compromise machines, so this will show any weak points that are detected.
- System hardening opportunities; important as attackers will seek out assets with the weakest security configuration for them to target.
- If your account management processes are working correctly; making passwords harder to hack helps protect your organisation.
- Possible attack routes for hackers; this shows what assets an attacker is likely to target first.
- If your existing resources and processes are able to detect basic cyber-attack behaviour; can they detect and respond?
Quick and non-intrusive:
This service can be performed on an ad-hoc basis and does not require large changes to your infrastructure to operate; it only requires a temporary Administrator-level username & password and some standard network services to be turned on for the duration of the test. For both these changes we provide a simple automated script: first to install, and afterwards to remove all changes.
Within 2 days:
On the first day, LEANmade will connect its testing equipment (1 notebook running a dedicated test-environment on a Linux VM) to your network. You will decide which machines and components we should include, and we will run all required tests in one session. The next day, we will analyse the automated output and provide feedback and first recommendations on the results.
100% transparency and discretion:
There are no hidden secrets: we fully document every step we take during this test, and you or your staff are very much welcome to join and watch every step.
Overall Cyber Readiness:
To get the best value from this Cyber Assessment – Basic, we recommend you include it as part of an overall assessment of your cyber readiness (i.e. People, Process, 3rd-Party Risk, etc.).
Additional Output Options
If required, we can include additional output formats in our standardized framework, for example to cover selected modules from the BSI – IT Grundschutz Catalogues.
** For more information on BSI IT-Grundschutz (in English), please visit https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzInternational/itgrundschutzinternational_node.html