We first check the foundation before we start building.
Before OpenSIEM is implemented in the company, we would like to conduct a risk analysis. We check the IT infrastructure for risks. Then we map out the risks properly, so that the best prioritization can be made to solve security issues. We don't want to monitor the safe when the password is out in the open.
Risk assessment steps.
1. Identification of the assets
For each asset, meaning every piece of software, hardware, data or data center, we check how well it is secured. Each asset is given a specific priority so that it becomes clear where the greatest risks can occur.
2. Identification of the threats
A threat can be that a system is hacked, but also fire or water damage, power failure or an employee with malicious intentions.
3. Identification of the vulnerabilities
Vulnerabilities focus on the systems and processes that are used. Are all systems up to date, and how do you know that? Has a penetration test been performed on the systems, and what is the policy for Data Loss Prevention, for example?
4. Analysis of control resources
What are the privileges within the infrastructure and who is authorized for what? And what is the control protocol for this?
5. Estimation of probability and impact
Based on the first four steps, an estimate can be made of which incidents will occur more often and what it will cost a company if they actually happen. Each asset will receive an impact and likelihood ranking.
6. Reassessment of the assets
The new insights will lead to the control of the most important threats.
7. Record results
After the platform is implemented, the new results can be processed and each asset can be reviewed over time to ensure security continuously.
Based on the above steps, the likelihood model is completed alongside. Each asset is placed in a certain scale. Based on this scale, the intensity of cyber security risk is determined.
Most attention will be paid to the asset with the highest risk. This does not mean that other threats with a lower risk receive no attention. OpenSIEM's all-round security ensures that every linked endpoint is protected and monitored for suspicious situations.