EVALFASTER® - Efficient Vulnerability Assessments
EVALFASTER® strategic assessments enable organizations to reduce risk, balance budgets, and comply with regulatory requirements. Specific actions and remediation steps are prioritized based on business needs, resources, threat likelihood, and applicable standards.
EVALFASTER is different from other approaches in that it:
- Wraps a widely respected government standard (NIST SP 800-30) with Six Sigma-based analysis tools and our team's detailed industry knowledge to perform a cost/benefit tradeoff that balances investment against impact.
- Addresses Cyber Physical Systems, which combine monitoring and control of the physical world with cyber aspects, at a system level rather than as a simple checklist.
- Develops a capability within our client’s organization to institutionalize security processes rather than provide ‘bolt-on’ consulting support that leaves when the consultant leaves.
EVALFASTER is applicable to a range of industries with cyber physical systems (oil and gas, electrical utilities, aviation, medical devices, etc.).
We offer the following services to get started:
- Threat Webinar: This 90-minute webinar provides an overview for decision makers on threats to the cyber-physical aspects of the attendee's market, organization, and products. It covers how these threats are evolving, the importance of product security risk management, and the basics of what regulatory agencies are expecting going forward. The webinar can be specific to a particular organization or structured for a more general audience in the same market area.
- Cyber Security Workshop: This two-day onsite workshop develops a foundational understanding of the key principles of security assessment practices as applied to the client’s specific organization and products (or product families). Topics include security standards and regulations, an overview of the risk assessment process, and a group session to brainstorm vulnerabilities, assess likelihood of occurrence and potential impact, determine risk, and identify potential mitigation approaches. Recommended attendees are the core group of stakeholders in the target from across the client’s organization.
- Strategic Risk Analysis: This deep-dive provides a comprehensive assessment of the target (company, division, product family, or product), including external factors such as the regulatory environment and multi-mode attacks. The analysis utilizes a database of threats and scenarios to provide a formal, repeatable, and scalable risk assessment. Multiple client stakeholder groups are engaged to provide coverage which bridges organizational silos. These stakeholders actively participate, with guidance from EVALFASTER personnel, in producing a prioritized plan for making strategic investments to mitigate risk within available budgets.
- Medical Device Cyber Security and Risk Management: EVALFASTER can help medical device companies understand and make level-headed, informed decisions regarding the FDA Cyber Security guidelines as reflected in the Risk Management Process published by the Association for the Advancement of Medical Instrumentation (AAMI) (TIR57).
For more information, please send an email to firstname.lastname@example.org.