Cyber Security Diagnostic Assessment

Home / Advisory Services / Cyber Security Diagnostic Assessment

Cybersecurity needs to start, somewhere

Furthermost of modern regulation frameworks, they mandate organizations to have an independent function to govern and manage cybersecurity activities and practices. Either you are establishing this new function of cybersecurity or renovating existing one, you have to know what your current stance in cybersecurity is.

Verifying that your security controls (i.e. technologies, operating processes, or human capabilities) are active and functioning appropriately throughout the IT and OT eco-system is termed cybersecurity posture assessment. Additionally, you may want to benchmark your current posture against common frameworks, standards, or architectures and use that as a guidepost for your future initiatives.

Panoramic view of your cybersecurity posture

We apply a proven methodology to review your governance and management practices, and your IT/OT architecture for missing or weaken cybersecurity controls and to ensure adherence to regulatory and industry-standard best practices. The team begins by reviewing available documentations and network diagrams, then interviewing related team members such as administrators and architects to understand the context of the business and deployed controls. The team also reviews a sample of device configurations for misconfigurations and optimization opportunities, and performs a series of scans against network devices to ensure devices and configurations are working as expected and described, then map any observations with related considerations against assessment framework (ISO 27000, NIST CSF, SWIFT, SAMA, NCA, etc.).

Finally, the team documents current state (i.e. as-is state) of security practices, and controls, notes strengths and weaknesses against today’s dynamic threats, and provides an actionable roadmap (i.e. action plan) with recommendations to optimize and improve threat protection capabilities, and to meet regulatory requirements. Recommendations are grounded in practical business requirements and supported by real-world scenarios and data.

Our Promise

TechArch has the right combination of experience, expertise, and efficiency to be your advisor on defining where you stand in cybersecurity. Our diagnostic assessment methodology is based on following major factors:

  • Optimization-driven
  • Our extensive experience in security engineering enable us to identify if you are getting every Riyal of your investment or not. We aim to squeeze what you already have in your environment.

  • Neutrality
  • TechArch is not a system-integrator company. We do not resell solutions. We do not have pressure to recommend solutions that you do not need. We recommend controls with specific requirements that meets your needs. For us, your cybersecurity is not a commodity.

  • Efficiency
  • Performing a cybersecurity diagnostic assessment covering all of your business aspects requires proficient planning and execution capabilities.

  • Dedication
  • False diagnostic leads to catastrophe procedures. We are committed to dedicate our top-notch resources for executing this kind of assessments, who have skills and experience in the necessary technical and process areas with industry recognized certificates, standards and best practices to fit your business nature, requirements and needs.

The diagnostic assessment is performed on following aspects:

  • Cybersecurity governance and management practices
    • Organizational governance’s principles and structure
    • Roles and responsibilities
    • Policy, management and operating procedures, and business processes:
      • Governance and leadership
      • Threat, vulnerability, and risk management
      • Assets, change, configuration, and patch management
      • Identity and access management
      • Systems engineering and development
      • Situational awareness and information sharing
      • Event and incident response
      • Supply chain and external dependencies
      • Human infrastructure
    • Cybersecurity services delivery and management
  • APTs countermeasures and capabilities
    • Defense and prepare – Culture and education, asset management, threat intelligence, data governance, IAM, security infrastructure, and active monitoring
    • Response readiness – CIRT, incident management, and effective communication
    • Recovery and resiliency – intrusion restriction, disaster recovery, and business continuity

Get in touch

Send us your requirements using the below button and we will get back to you soon