Do I need cyber security assessment services?
Cyber security assessment services can refer to any number of tests performed to determine and address your cyber security risks. Which assessments you need for your business depends on your type of business, the size of your company and your risk tolerance. However, every business should conduct some level of cyber risk assessment.
The most common cyber security assessment services include:
- Vulnerability assessment to find potential weak spots both within and outside your network than threat actors may be able to exploit.
- Penetration test. A simulated cyber attack on your business by authorized cybersecurity experts (“white hat hackers”). This also identifies risks but are much more involved and expensive. These are rarely needed for most small businesses.
- Network audit and access review. Determines exactly what is on your network and who has access to what. This can find unauthorized software or hardware as well as performance or licensing issues. The access review looks at who has permissions to access and make changes to your network to prevent future issues.
- Compliance audit. This assessment looks at how well your company is obeying the rules, regulations and laws that relate to your particular industry. This can be as common as the PCI compliance required by any business that accepts credit card payments or a niche as defense contractor requirements. Compliance audits look both at what is happening inside your business as with any external partners or vendor relationships that impact your compliance.