Threat Risk Assessment

Analyze your mission and business critical software systems for vulnerabilities

A Threat and Risk Assessment analyzes a software system for vulnerabilities, examines potential threats associated with those vulnerabilities, and evaluates the resulting security risks.

According to NIST SP800-30, a vulnerability is any “flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.”

The level of threat is determined from the potential for any natural, human or environmental source to trigger or exploit an identified vulnerability. Canary Trap’s Threat Risk Assessment looks at both the probability of that threat occurring and the impact on the system and the organization should it occur. We will work through the appropriate strategies that can then be implemented for each risk depending on its severity. These can include acceptance of the risk, adoption of a mitigation plan, or implementation of an avoidance strategy.
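To show how the probability-and-impact view above turns into a ranked list of treatment decisions, here is an added example (not Canary Trap’s code or methodology) that rates constructed findings with a qualitative likelihood × impact matrix in the style of NIST SP 800-30 and maps each risk level to accept, mitigate or avoid. The matrix cell values, the treatment thresholds and the sample findings are all this example’s assumptions.

```python
"""Qualitative risk rating for a Threat Risk Assessment (added example)."""
from dataclasses import dataclass

LEVELS = ["very low", "low", "moderate", "high", "very high"]

# Risk matrix indexed [likelihood][impact] -> risk level.
# Assumption: a simplified matrix modelled on the qualitative scales in
# NIST SP 800-30; the exact cell values are this example's choice.
RISK_MATRIX = [
    # impact:  very low   low     moderate    high     very high
    ["very low", "very low", "very low", "low", "low"],          # likelihood very low
    ["very low", "low", "low", "low", "moderate"],               # likelihood low
    ["very low", "low", "moderate", "moderate", "high"],         # likelihood moderate
    ["very low", "low", "moderate", "high", "very high"],        # likelihood high
    ["very low", "low", "moderate", "high", "very high"],        # likelihood very high
]

# Assumed treatment thresholds: the page names acceptance, mitigation and
# avoidance "depending on the severity" without fixing the cut-offs.
TREATMENT = {"very low": "accept", "low": "accept", "moderate": "mitigate",
             "high": "mitigate", "very high": "avoid"}

@dataclass(frozen=True)
class Finding:
    vuln: str        # the flaw or weakness, in the NIST SP 800-30 sense
    threat: str      # the source able to trigger or exploit it
    likelihood: str  # one of LEVELS
    impact: str      # one of LEVELS

def rate(likelihood: str, impact: str) -> str:
    """Combine likelihood and impact into a qualitative risk level."""
    return RISK_MATRIX[LEVELS.index(likelihood)][LEVELS.index(impact)]

def assess(findings: list) -> list:
    """Rate each finding, pick a treatment, and order by descending risk."""
    rows = [{"vuln": f.vuln, "threat": f.threat, "risk": rate(f.likelihood, f.impact)}
            for f in findings]
    for r in rows:
        r["treatment"] = TREATMENT[r["risk"]]
    rows.sort(key=lambda r: LEVELS.index(r["risk"]), reverse=True)  # stable sort
    return rows

# Constructed sample findings; not taken from any real engagement.
SAMPLE = [
    Finding("Unpatched TLS library on public web tier", "Internet-based attacker", "high", "very high"),
    Finding("Backup tapes stored in an unlocked cabinet", "Insider or visitor", "low", "high"),
    Finding("Shared admin password on test server", "Former contractor", "moderate", "moderate"),
    Finding("Data centre located on a flood plain", "Environmental (flooding)", "very low", "very high"),
]

if __name__ == "__main__":
    for r in assess(SAMPLE):
        print(f'{r["risk"]:>9}  {r["treatment"]:<8}  {r["vuln"]}  (threat: {r["threat"]})')
```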

For more information, please complete our Scoping Questionnaire or give us a call.

Download the Service Brief

Service Delivery

Scope the engagement

Complete the Scoping Questionnaire as a precursor to facilitating a scoping call with one of Canary Trap’s security experts. Canary Trap will draft a fully customized Statement of Work for each engagement. The Statement of Work will articulate our unique Approach and Methodology, In-scope Work Items, Key Deliverables, Roles, Responsibilities, Cost(s) and Timeline associated with undertaking the work effort.

Project kick-off

Upon receiving the signed Statement of Work and corresponding Purchase Order, Canary Trap will move to assign a dedicated Project Manager who will organize the project kick-off call. The project kick-off call will serve to introduce key business stakeholders and set timelines for project milestones. Any outstanding questions will be answered and Canary Trap and the customer will agree to commence testing in full conformance with client requirements and expectations.

Commence testing

Canary Trap’s security experts will undertake a Threat Risk Assessment against the in-scope software system. Human expertise is combined with automated penetration testing tools, artificial intelligence and threat intelligence to ensure that we take a thorough, in-depth approach to identifying vulnerabilities and security gaps.

We operate in full transparency. You can expect to receive regular status updates and advice on any notable vulnerabilities that present a clear and present risk. With Canary Trap, the left hand will always know what the right hand is doing.

Report on findings

After the Threat Risk Assessment has been completed, Canary Trap will deliver an Executive Report that includes our detailed findings and any calls to action. We will illustrate exactly how our findings were discovered and how they can be reproduced, and provide recommendations on how to remediate any uncovered issues. Once the identified vulnerabilities have been remediated, Canary Trap can be engaged to retest.

Methodology, tools & certifications

You rely on your software systems and applications for revenue generation, customer data collection and digital interaction. Vulnerabilities can be leveraged by adversaries to disrupt business continuity, steal customer data, cause financial harm or loss of brand reputation. One of the best ways to safeguard against these outcomes is to undertake a Threat Risk Assessment.

In order for a Threat Risk Assessment to be successful, the security expert(s) must possess the relevant tools and credentials while maintaining a clear understanding of relevant compliance standards (e.g., HIPAA) and of the procedures used to discover exploitable vulnerabilities.

Canary Trap has developed its own unique security testing methodology that is aligned to industry best practices. We come armed with the tools, techniques and expertise to deliver a high quality engagement.

Tools

  • Port Scanners
  • Network-based Vulnerability Scanners
  • Host-based Vulnerability Scanners
  • Application Scanners
  • Web Application Assessment Proxy
  • NMAP
  • Metasploit
  • Wireshark
  • W3AF
  • John the Ripper (JTR)
  • Threat Intelligence

Certifications

  • Certified Security Analyst (ECSA)
  • Certified Network Defender (CND)
  • Offensive Security Wireless Professional (OSWP)
  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • Web Penetration Tester (EWPT)
  • Scrum Master Certified (SMC)
  • PenTest+
  • CompTIA Advanced Security Practitioner (CASP+)
  • Cybersecurity Analyst (CySA+)
  • Security+

The benefits of security testing

There are numerous benefits of employing security testing:

1.) Detect and remediate security gaps

A penetration test aims to identify how an adversary can successfully attack and compromise your organization’s applications, networks, users and endpoints by exploiting unknown internal and external vulnerabilities. A Threat Risk Assessment can identify unknown vulnerabilities that can be exploited to break your security controls and give an adversary privileged or unapproved access to your mission and business critical software systems and applications. The results of security testing will either confirm that a legitimate threat is posed by particular security vulnerabilities or faulty processes or, conversely, determine that no such gaps exist. When vulnerabilities are identified, IT management and security experts can begin to undertake remediation efforts.

2.) Meet audit and compliance requirements

IT departments are often asked to address the overall audit and compliance requirements presented by regulations such as HIPAA and PCI-DSS and to report testing outcomes to the appropriate authority. The executive report produced by Canary Trap at the end of every Threat Risk Assessment can help organizations avoid substantial penalties for non-compliance. Completing a Threat Risk Assessment illustrates ongoing due diligence and commitment to best practice security by maintaining the required security controls and presenting them to assessors, auditors, business partners and clients.

3.) Circumvent the time and cost associated with loss of business continuity

Recovering from a security breach can be time consuming and expensive. Recovery may include IT remediation efforts, retention programs, customer protection, legal activities, reduced revenues, reduced employee productivity and loss of brand reputation. A Threat Risk Assessment can help mitigate these potential outcomes by identifying security gaps and vulnerabilities for remediation.

4.) Protect customer loyalty and company image

Even a single occurrence of compromised customer data can destroy a company’s brand and negatively impact its bottom line. Completing a Threat Risk Assessment can help your organization to avoid security-related incidents that may put the company’s reputation and reliability at stake.

5.) Service disruption and security breaches are expensive

Security faults and any associated disruptions in the performance of applications or services may cause debilitating financial harm, damage an organization’s reputation, irrevocably damage customer loyalties, generate negative press, and incur unanticipated fines and penalties. Completing a Threat Risk Assessment of your critical software systems and applications mitigates the risk of such events.

Ready to get started?

We’ve made it easy!

Contact us today by sending us a quick note or get a head start by submitting our online Scoping Questionnaire.

Submit the Threat Risk Assessment Scoping Questionnaire