The purpose of the design phase is to jointly discuss and agree upon objectives, scope and participants of the engagement. Depending on expectations, special emphasis during the project can be placed areas of focus or concern. Most importantly, a session agenda for later deep dives will be drafted at this stage. Sessions will be sliced based on topics and / or areas of responsibility to ensure the adequate level of depth can be achieved and the right output is yielded at the end.
The second phase is meant to equip and prepare the engagement team to run deep dive sessions most efficiently. Based on checklist and bespoke custom scans of the environment, an initial understanding of the attack surface and digital footprint of the company is built. The team will further review documentation and other material that helps to save valuable time and connect the dots later on. Based on these results, the agenda for deep dives will be fine-tuned.
Deep-dive workshops - as the name suggests - aim to systematically dissect the scope at hand to derive strengths, weaknesses and potential attack vectors. Workshops are meant to be 30m-2h sessions. Depending on the context, we will selectively go deep into configuration and implementation or stay more shallow on an architecture, concept or process level. Observations made by the team will later be transformed into insights, initiatives and additional artefacts that drive resilience.
Assessment reports contain a lot of structured information and valuable detail to address both executives as well as operational stakeholders. At the core, reports lists numerous security enhancing initiatives. Initiatives describe the work required to elevate the security status from where it is today, to where it needs to develop. These are mostly tasks, in rare cases projects, or similar activities. Instead of vague objectives, initiatives are specific and atomic in nature, with a clear scope and designated person or team responsible for execution.
We've created the following service for you