ENTERPRISE WIDE CYBER SECURITY ASSESSMENTS
The purpose of these engagements is to evaluate an organization’s current security risk posture and identify areas of vulnerability and improvements within the environment as it may relate to people, process and technology. The result of a cyber security assessment yields a current state report with detailed list of potential work packages that an organization can execute to help improve its overall security risk posture. These work packages can include the development of organizational policies, processes, employee training programs, security awareness and contingency planning, and the adoption and implementation of specific technology and solution recommendations.
If an organization has a specific scope of work to evaluate the effectiveness of existing security capabilities; Riszq Inc. provides targeted services around vulnerability management and penetration testing at both the network and infrastructure, and application level (including red, blue and purple teaming exercises). These evaluations and reports can be based on continuous subscription-based engagements or can be a one-time ad-hoc activity.
CYBER SECURITY OPERATIONS CENTER (BUILD, RUN. OPTIMIZE)
Riszq Inc. will review your organization’s current capacity to build and operate a security operation center. Often times, this assessment may yield an organization to either build such services in-house or obtain such services through a Managed Security Services Provider (MSSP). In either case, whether it is to build a SOC in-house or outsource functions of the SOC to a MSSP, Riszq Inc. will assist your organization throughout this journey at both the technological and operational level to ensure this core capability is present and available within your organization. Building an organization’s SOC capabilities can take anywhere from 4 weeks – a year depending on the organization size, speed of change, and adaption to new technology and processes. A SOC will contain core capabilities of Security Information and Event Management (SIEM), Security Analytics, Threat Intelligence (TI), Vulnerability Management, Security Orchestration Automation and Response (SOAR) and Device Management such as monitoring and management of EndPoint Threat Detection and Response (ETDR) tools, Database Activity Monitoring (DAM), Network Access Control (NAC) monitoring, firewall management.
CYBER INCIDENT RESPONSE SERVICES
Does your organization know what to do in the event you are attacked (insider or external threat)? In the event of a ransomware/ransomworm infection, do you know how to handle the incident and negotiate with the cyber criminals? Riszq Inc.’s specialized incident response consultants will work with your organization to appropriately respond to an incident and ensure any damage or leakage is kept to a minimal.
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANS (DEVELOPMENT AND TESTING)
We work with the business to appropriately address any Business Continuity Planning (BCP), Business Impact Analysis (BIA) or Disaster Recovery (DR) planning as it may relate to your cyber (IT) assets. These services are based on a retainer; an organization would sign a retainer agreement with Riszq Inc. and we will become the extended security arm of the organization.
CYBER SECURITY AWARENESS AND TRAINING (CYBER SIMULATIONS)
It is important to ensure that all employees have awareness on how to interact and manage an organization’s assets (mobile, laptops, etc.). Riszq Inc. provides a number of cyber security awareness and training options catered to individual needs of organizations. These services can range from a short half-day training to a more extended week or longer duration training depending on the organization’s requirement and depth of cyber simulations that will be conducted and executed upon.