Information Security Assessments
Critical 18 will perform a security assessment to identify the current security posture of your organization. The assessment provides recommendations for improvement, which allow you to set goals that mitigate risk. We employ a strategy to assess the Technology, People, and Process elements of security to ensure all bases are covered.
People are creatures of habit, and it is often the end users of computer networks who pose the greatest liability to security. By nature, people want to be helpful and provide information, so Threat Actors use Social Engineering attacks to exploit human nature. By thoroughly assessing the security culture of your organization, and the attitude of people towards information security in general, we can provide a snapshot of the current state and formulate a plan to move toward a future state of organizational Security Awareness.
Technology is ever-evolving, and we can identify which security tools need updating or replacement. We can provide objective recommendations on new security technology that will help to diminish your exposure to risk.
The main goal of our security assessment is to ensure that necessary security controls are integrated into the design and implementation of a project. A properly completed assessment should provide documentation detailing any security openings concerning a project design and standardized corporate security policies. Management can address security gaps in three ways: canceling a project, allocating the necessary resources to correct these security gaps, or accepting the risk based on an informed risk/reward analysis and ratio.
The Critical 18 Security Assessment methodology effectively ascertains the following:
A study of requirements and situation analysis
Security policy creation and update
Communication scheduling and plans
Asset ownership allocation
Critical 18 wants to understand your business processes, with the goal of identifying any weaknesses within these processes. We will identify gaps that may needlessly expose your organization to excessive risk. For example, when a vendor calls an Accounts Payable department with a new bank routing number, what process is in place to verify the new routing number is correct? Is more required than just an email or a phone call? Many fraud scams are perpetrated when (1) a proper vetting process is not in place, and (2) a phishing email is mistaken for a legitimate one.
We will ask thought-provoking questions about your organization and its leadership. We want to know what information is of greatest value, and what risks are threatening the exposure of this information. We will plainly lay out the risk and reward scenario, so that you can select defensive measures based on your own appetite for risk.