Begin your Cyber Security Journey with a Baseline Assessment
Often the most challenging step in assessing your organisation's cyber security stance is identifying the risks associated with your current network, systems, devices, websites and applications.
A baseline assessment is the perfect starting point. It enables organisations to develop strong security controls and processes, which are essential in building effective defences against cyber criminals.
In this blog, we discuss what a baseline assessment is, the common weaknesses we find when conducting a cyber security baseline assessment and the risk of not maintaining your organisation's baseline.
What is a Baseline Assessment?
A Baseline Assessment gives your organisation a point-in-time look at its current cyber security stance by evaluating the current network, systems and applications.
Our baseline assessment service line consists of three services which can be mixed and matched to create a bespoke baseline assessment for your organisation. These services are:
- Configuration Reviews, through which we will examine the configuration of your devices and software to highlight where and how safer options can be used
- Vulnerability Assessments, where Secora Consulting will identify and manually verify vulnerabilities that exist on your network, and provide your organisation with a prioritised list of risks and actionable remediation advice
- IT Health Checks, which involve an in-depth assessment of your internal and external security posture
Conducting a Baseline Assessment means that your business can start on the first steps of its cyber security journey by undertaking a strong defence-in-depth approach.
Why do you Need to Conduct a Baseline Assessment?
Completing a baseline assessment gives your business a better understanding of its current assets and enables your organisation to identify issues such as missing patches, out-of-date software and other known issues that may affect the software your organisation uses in the office and while working remotely.
The findings from the assessment can then be used by your organisation to build robust policies, procedures and security controls.
Additionally, it is particularly useful for organisations looking for a greater understanding of their current cyber security stance and offers quick tips on how to improve upon it.
How to Maintain your Baseline
Once your minimum security standards have been defined, policies and procedures need to be created to ensure any new networks, systems and applications are managed in the same respect as your current IT assets. This ensures your organisation's robust cyber security posture is maintained.
As your organisation adds more systems, applications and devices, your policies and procedures will have a baseline to work from to ensure each meets your organisation's minimum cyber security requirements.
If and when you come across something that does not meet the standards your organisation has set out, your organisation can make a risk-based decision on whether you can move forward with the asset or not.
What are the Weaknesses Commonly Discovered in a Baseline Assessment?
Some of the more common issues we discover during a baseline assessment include:
- Default system accounts that still have their original passwords
- Legacy systems which contain unknown vulnerabilities and are insecure
- Systems or services with known vulnerabilities that have not been patched
- Easily crackable weak passwords or passwords stored in clear text
- User privileges and rights that are not being managed by the organisation
- Poorly secured remote system access
- Weaknesses in encryption
Risks of not Maintaining your Organisation's Baseline
If policies and procedures are not in place, along with the minimum security standards, the ad hoc introduction of new devices and systems will not give the organisation a full picture of where its cyber security weaknesses may lie. Over time, the accumulation of devices which have not been assessed could have a negative impact on your organisation's overall cyber security posture.
If minimum security standards are not defined by your business, the ad hoc introduction of devices and systems will not give your organisation a full picture of where the weaknesses may lie. Over time, the accumulation of devices and systems could have a negative impact on your organisation's cyber security posture.
How we can help you with your baseline assessment
At Secora Consulting, we take a ‘white-box’ approach to baseline assessments. ‘White-box’ testing is a method of testing which tests internal structures or workings of an application as opposed to its functionality. We do not undertake exploitative testing against your systems.
Our goal is to provide you with a prioritised list of issues which affect your systems. We highlight how the exploitation of uncovered issues could impact your business operations and profitability to help you understand how any issues could affect your day-to-day operations.
All of Secora Consulting's assessments are tailored to our clients' needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.