Cybersecurity designed SPECIFICALLY for small business
In 2018, over 43% of malware related breaches occurred in small businesses—but most small businesses don’t have the budget to afford the expertise or assessments that will help them improve their security posture. Because of this, small businesses often become an easy target for opportunistic malware threats distributed by organized cybercrime syndicates. Small businesses are left with many questions:
How much security is enough?
How do we know what we are doing is enough?
What does a security program look like?
How do we make security measurable, actionable, and attainable?
Dean Dorton has created a proprietary process that helps measure key elements of your security program, and focus provide actionable remediations to improve your organization’s security posture.
Our years of experience conducting technical security assessments and penetration tests have led us to the following conclusion; threat actors use the same tactics in the vast majority of breaches.
The reason for this truth is simple; organizations tend to have the same challenges and issues.
We have designed our methodology to identify these issues, and provide simple metrics to assess your status.
We looked at the most common tactics, issues commonly exploited, and the controls organizations need to implement to mitigate these tactics to design our scope.
The result is a in-depth, detailed review of four core security domains, made up of 17 unique control areas.
Each control area is scored individually. Control area scores are combined to obtain a risk score for each domain, which is then averaged into an overall risk score for the organization based upon a common grade scale.
Want to learn more about our assessment and process? Download our detailed whitepaper that discusses each control and the scoring methodology employed.
METRICS THAT MATTER
What metrics do you need? How do I measure these?
These are questions that Dean Dorton’s Cybersecurity Scorecard Assessment provides the answers for.
We have developed a grading system that measures the accumulated risk based upon identified security issues or ineffective controls. These risk ratings are combined to provide both domain-level and overall organizational risk.
To further communicate what these means, we tie the risk levels back to a threat actor scale (courtesy of the Verizon Data Breach Report) to help you understand the types of threat actors your current posture protects against, and who you are still vulnerable to.
These metrics are provided in the form of three deliverables:
The executive presentation provides a high level review of the results of each domain, and visualizations of key data collected (such as attack surface maps).
SECURITY ASSESSMENT REPORT
The security assessment report contains an analyst overview of the collected data, including detailed analysis of each control area. The report also includes a detailed action item list to hand off to your IT team our outsourced managed service provider.
The excel report includes several tabs (one for each domain) and detailed action items (down to the host level) of issues that contribute to risk observed for the environment. System Administrators can use these details to remediate specific issues that will increase the security posture of the organization, and improve the overall risk score.