THE WHY

Sometimes the best solution is to get technical. Dive into binaries, network configurations and applications. At other times, the best solution is to take a step back, use a more holistic approach and review an organization’s cyber security as a whole.

Organizations benefit greatly from simply discussing and reviewing an organization’s IT infrastructure with a cyber security specialist. Often, organizations find that small changes and additional procedures go a long way in improving the organization’s cyber resilience.

Nordic Resilience offers to assist organizations with their cyber security maturity by advising them based off reputable frameworks and best-practice approaches to cyber security.

THE HOW

To best assist organizations with an assessment of their cyber security, Nordic Resilience utilizes the reputable framework CIS Critical Security Controls for Effective Cyber Defense. The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners.

Because no two organizations are identical, we believe it is important to deliver a customized experience for every client. Several meetings will be required between Nordic Resilience and the client, to provide the most up-to-date, relevant and thus valuable assessment of the organization’s cyber security.

THE DELIVERABLE AND DURATION

The deliverable consists of a single commercial-grade report that contains a list of our observations. These observations will include detailed descriptions of the issue, remediation steps and security risk assessment. As such, all observations will be manually scored with a risk-assessment (CVSS or Low/Medium/High/Critical), in order to assist the organization with the priority of remediating each one.

An assessment of an organization’s cyber security takes 14 days but this varies from organization to organization and case to case.