RISK ASSESSMENTS


Cybersecurity Health Check

The Advisory Services team will conduct a lightweight risk assessment covering all 23 categories of the NIST Cybersecurity Framework. This will be accomplished primarily through interviews, as well as document review. The objective is to develop a baseline understanding of the organization’s cybersecurity strategy and implementation, including the people, processes, and technology stack.


Gap Analysis

By analyzing technology and internal personnel, we can discover blind spots in the organization that could lead to a significant compromise. Our team examines the day-to-day function of cyber within the organization, which leads to critical recommendations by exposing vulnerabilities in software, people, and processes. 

Through gap analysis, we help businesses examine their current security posture and compare it to the security posture of competitors in the same industry. A gap analysis can be useful when companies aren’t using their resources, security tools, or technologies to their full potential. By defining the gap, the company’s management team can create a roadmap to move the company forward and fill in the gaps in their overall cybersecurity posture.

Security Architecture Review

A security architecture review seeks to obtain a solid understanding of a client’s security stack and architecture, including their people, policies, and technology and how they are utilized. We assess the overall organizational cyber maturity level and align the IT and cybersecurity strategy to match your business strategy.

Our team engages all facets of your organization to truly measure the maturity of the security environment. We seek to identify security risks that, when remediated, will improve overall security posture; we review any compliance or regulatory requirements and help create alignment when necessary.

Tabletop Exercises

Tabletop exercises are active, situation-based sessions designed to test how various individuals and teams would respond to a cybersecurity incident in their environment. All tabletops led by our Advisory Services team are based on the most current tactics, techniques, and procedures employed by threat actors, as well as perceived gaps in your current incident response plan. Following the exercise, we identify key findings, opportunities for improvement, and remediation steps to strengthen your ongoing security posture.

Tabletops will help your organization determine maturity in responding to a breach. We take real-world threats and apply them to your current exercises to help ensure there are no single points of failure. Our final deliverable will be a document capturing findings, recommendations, lessons learned, and any other feedback from the engagement. It typically includes specific recommendations to enhance the plan’s effectiveness and usability with respect to preparation, detection, containment, eradication, and recovery related to security incidents. We would also address the roles and responsibilities of stakeholders, escalation and communication processes, threat-specific playbooks, and other critical functions of the incident response process. Finally, test procedures will be suggested to keep the plan current and usable over time. SpearTip offers three types of tabletop exercises.


Executive

Our team walks your executive team through a simulated cybersecurity incident to help prepare an effective response to an event.



Technical

Our team walks your technical team through a simulated cybersecurity incident to help prepare an effective response to an event.



Functional

Our team attempts to determine security controls in place and simulates real-world activity in your environment. We identify strengths and growth opportunities in your security controls, team analysis, escalation process, and response efforts.

Project Workflow

Phase 1 | Discovery

SpearTip collects key information related to the engagement.

Phase 2 | Initial Analysis

SpearTip reviews the information collected during discovery to develop interview questions and request additional documentation.

Phase 3 | Interviews

SpearTip meets with key individuals inside the organization. Interviews allow SpearTip to both collect new information and validate information already collected.

Phase 4 | Main Analysis

SpearTip analyzes collected documents, data, interview results, and all other information and begins to formulate findings and opinions.

Phase 5 | Follow-Up

SpearTip clarifies received information and analysis in preparation for finalizing the deliverables.

Phase 6 | Deliverables

Finalized deliverables are presented to and reviewed with the client.

Phase 7 | Feedback

The client provides feedback and asks questions about the deliverables and findings of the engagement.
