We first check the foundation before we start building
Before OpenSIEM is implemented in the organization, we like to carry out a risk analysis. We check the IT infrastructure for risks. We then map those risks out thoroughly, so that security issues can be prioritized and resolved in the best order. We do not want to monitor the front door while the back door is standing open.
Risk assessment steps.
1. Identification of the assets
For assets, we check every piece of software, hardware, data or data center and how well each is secured. Each asset is given a specific priority so that it becomes clear where the greatest risks can occur.
2. Identification of the threats
A threat can be that a system is hacked, but also fire or water damage, power failure or an employee with malicious intentions.
3. Identification of the vulnerabilities
Vulnerabilities focus on the systems and processes that are used. Are all systems up to date, and how do you know that? Has a penetration test been performed on the systems, and what is the policy for Data-Loss-Prevention, for example?
4. Analysis of control resources
What are the privileges within the infrastructure and who is authorized for what? And what is the control protocol for this?
5. Estimation of probability and impact
Based on the first four steps, an estimate can be made of which incidents will occur more often and what they will cost a company if they actually happen. Each asset will be given an impact and probability ranking.
6. Reassessment of the assets
The new insights will lead to the control of the most important threats.
7. Record results
After the platform is implemented, the new results can be processed and each asset can be reviewed over time to ensure continuous security.
Based on the steps above, the likelihood model is filled in. Each asset is placed on a particular scale, and based on that scale the degree of intensity of the cyber security is determined.
Most attention will be paid to the asset with the highest risk. This does not mean that other threats with a lower risk receive no attention. OpenSIEM's all-round security ensures that every linked endpoint is protected and monitored for suspicious situations.