Posture Score
Basic protection measures have been taken. Only the most basic attacks are blocked.
Attack vector score
Current cybersecurity threat readiness of four cyber attack categories.
Data Leak
An overlooked exposure in a data storage which might lead to data breach.
Website Defacement
An unauthorized and malicious modification of web page content.
Ransomware
A threat by a malicious software to either publish or block access to data by encryption, unless a ransom is paid.
Fraud
A crime in which someone gains inappropriate access to financial or sensitive business information, used to commit fraudulent crimes.
Cybersecurity readiness level
31 Total Policies
3 Meet target score
28 Under target score
A mapping process of your organization shows that 31 security domains must be secured to safeguard the organization from cyberattacks. To increase the organization’s cybersecurity readiness, follow the custom-made policies of each security domain. For good cyber hygiene, first address the security domains with large gaps between current and target score.
Company readiness by security domain
DOMAIN                               SCORE
Access                               5.2
Active Directory                     3.1
Asset Management                     3.2
Awareness                            1.7
Business Continuity                  3.3
Change and Configuration Management  5.5
Compliance and Auditing              3.1
Data Protection                      8.8
Domain and DNS                       10
Email and Messages                   1.8
Environmental Controls               8
Hosted Network                       2.6
Hosted Server                        2.4
Human Resources                      1.4
Incident Response                    1.6
Information Security Management      5.5
Logging and Monitoring               5.1
Microsoft 365                        3.2
On-Premises Network                  5.2
On-Premises Server                   2.3
Operations and Maintenance           6
Passwords                            3.5
Physical Infrastructure              6.6
Remote Access                        5.6
Risk Management                      5.8
SaaS                                 3.6
Service Provider Management          3.9
Scan findings
Scanning networks and applications exposes hidden infrastructure vulnerabilities. Addressing these vulnerabilities will reduce the chances of your organization being the subject of a cyberattack.
64 Total findings
2 Critical
16 High
42 Medium
2 Low
2 Info
External scan
Microsoft Secure Score
External Nessus scan
Internal network scan
Sample findings
Each finding addresses a specific asset and details the specifics of its detected vulnerabilities.
Using the Cynomi platform, you can review online or download the full list of findings.
SOURCE                 SEVERITY  FINDING                                                               ASSET
Internal network scan            On-premises workstation password is not required for computer users   192.161.0.110
Internal network scan            Not all domain controllers are set up with the same operating system  192.168.0.11
Risk mitigation plan
The risk assessment of your company revealed 426 tasks to address. 112 tasks have been added to your risk mitigation plan.
112 Total findings
37 Critical
73 High
1 Medium
1 Low
Plan breakdown
Task status
50 Completed*
71 Not started
14 In progress
7 Deferred
* Includes tasks in status done or fulfilled
Appendix A – Work Plan
NAME  POLICY                               STATUS       DUE DATE      ID
      Vulnerability Management             In progress  Jan 17, 2023  CY 1-107803
      Hosted Network                       In progress  Feb 1, 2023   CY 1-924331
      Workstation and Mobile Devices       In progress  Feb 28, 2023  CY 1-802662
      On-Premises Server                   In progress  Mar 15, 2023  CY 1-979306
      Email and Messages                   In progress  Mar 16, 2023  CY 1-579275
      Software Development                 In progress  Mar 16, 2023  CY 1-684484
      Hosted Server                        In progress  May 18, 2023  CY 1-498191
      Software Development                 In progress  Jun 15, 2023  CY 1-065333
      Awareness                            Not started  Jan 31, 2023  CY 1-555493
      Change and Configuration Management  Not started  May 18, 2023  CY 1-426565
      Active Directory                     Not started  May 19, 2023  CY 1-438206
      Email and Messages                   Not started  Jun 14, 2023  CY 1-756858
      Access                               Fulfilled    Nov 11, 2022  CY 1-653918
      Active Directory                     Fulfilled    Dec 13, 2023  CY 1-643598
      Email and Messages                   In progress  Mar 9, 2023   CY 1-021332
      Software Development                 In progress  Mar 15, 2023  CY 1-958311
      Business Continuity                  In progress  Mar 16, 2023  CY 1-879894
Appendix B – NIST-CSF Compliance Report
Detailed Report
This report details your organization’s compliance status with the framework, for the purpose of initial evaluation. This status is based on information provided by you about your organization.
CONTROL
SEVERITY
FINDING
About
BSA is a cybersecurity firm founded in 2019, with a decentralized global presence, led by experienced partners. It offers risk mitigation solutions such as emerging technologies, staffing and advisory services, vulnerability assessments and accredited security solutions to meet compliance standards and drive revenue for clients.
Copyright © BridgeSecurityAdvisors 2023. All rights reserved.