Risk Assessment

Our threat-based risk assessment eliminates information overload.

Paralyzed by data? Overwhelmed with vulnerability disclosures? We cut through the Fear, Uncertainty and Doubt with a rigorous risk assessment process that actually makes it easier to make decisions. You can articulate not just what can happen, but why, and how your security decisions help reduce the risk.

First: Risk starts with threat.

Are you a target for hacktivists? What about China? Or your competitors? To get from fear to reality, you need to understand your adversaries. What do they want? What economic and political factors drive them to target your company’s technology and expertise? Do they have the capabilities to target your cyber systems and people? As former U.S. Intelligence officers, we know these adversaries, what they want, how they think, and what resources they have to pursue their objectives.

Second: Consequences matter.

A security breach is embarrassing, but it doesn’t matter to your business unless there is financial loss. Of all the possible security compromises that your adversaries could cause, which ones would create actual financial consequences? We help you assign relative values to security compromise, and prioritize the threats that can do real damage to your business. The result is a list of threats ranked by the outcomes of greatest concern to you.

Third: Focus and depth.

You’ve identified the adversaries who have the will and capability to do you harm. You’ve ranked the outcomes that would do the greatest damage to your business. Now that you’ve reduced the field, you can focus on the vulnerabilities that enable these outcomes. Our difference? We understand how cyber and human vulnerabilities enable each other, and how far a determined adversary will go. You get defense-in-depth across your physical, cyber, and human vulnerabilities.

Our risk assessments support a holistic security strategy.

We lay out your threat landscape and help you build the foundation for common-sense, informed decisions about where to spend your limited security resources for the maximum benefit. We help you design a security strategy that integrates physical security, cyber security, training, and policy, and when you are ready to implement your strategy, we provide expert specialized services to support you.