CCS ISO 9001 Quality Registered

SME Risk Management

Risk Management For SME Businesses, powered by Black Kite

Complete and accurate picture of the Cyber, Compliance and Financial risks.

Small to Medium Enterprise (SME) businesses have the same challenges as larger corporate companies, but often don't have the resources and budgets to match. Our continuous Cyber risk assessment drives down costs, while improving your security posture.


Do you know your technical security risks?

Powered by the Black Kite platform, the risk assessment produces easy-to-understand letter grades and defensible data details behind 20 risk categories. The non-intrusive report passively evaluates your domain and does not touch your systems or network assets. 


The assessment follows and applies commonly-used frameworks developed by the MITRE Corporation for scoring software weaknesses in a consistent, flexible, and transparent manner, converting highly technical terms into business language for executives.


It then provides a graphical distribution in the form of a heat map to determine the status and severity of each finding. Our assessment leverages MITRE and NIST to further confirm the criticality of each threat.

Is your security budget being spent in the areas that deliver value?

The traditional approach is to engage a Cyber Consultancy company to run an assessment, usually over a few days, and then write a report showing where your weaknesses are. You then address them and repeat this process again and again throughout the year, as new threats just keep coming!


An alternative is a SaaS platform with continuous Cyber risk monitoring, which shows your technical risks (with a step-by-step guide on how to mitigate them), the financial impact of a breach (in monetary terms) and your compliance status.


That way you avoid additional consultancy costs and can focus your internal efforts on addressing the risks, as and when they arise.

How does the Risk Assessment work, and what does it Identify?

The Black Kite Cyber Risk platform examines the target domain and infrastructure landscape to identify and assign a score across your three main risk areas: Financial Risk, Technical Risk and Compliance Risk. This process does not touch your environment, and no agents or appliances are installed whatsoever.


Non-Intrusive Scans

The platform uses Open-Source Intelligence (OSINT) and non-intrusive cyber scans to identify potential security risks, without ever touching your environment.


Speed of results

We are helping companies quickly and easily understand the risks they face, covering technical risk, financial risk and compliance risk, in a simple management report.


Licensing Model

There are 2 main ways that you can licence a Cyber Risk Assessment: an annual licence or a 60-day licence. The following are our recommendations for each type:


Annual Licence

An annual licence is recommended for all businesses to gain an understanding of your security, compliance and financial posture. The annual licence will give you 24x7x365 monitoring of your risk, and alerts can be sent if anything changes in your security posture.


60-day Licence

A 60-day licence is recommended to give you a snapshot of your posture. We recommend that this is repeated annually to enable you to determine if your security is increasing or decreasing.

Financial Risk, Technical Risk and Compliance Risk Assessment

Technical Risks

Easy-to-understand letter grades and defensible data details behind 20 technical risk categories (see below). The non-intrusive report passively evaluates third-party vendors and cyber insurance subscribers and does not touch an organization’s systems or network assets. The platform follows and applies commonly used frameworks developed by the MITRE Corporation for scoring software weaknesses in a consistent, flexible, and transparent manner, converting highly technical terms into business language for executives.


Financial Risk

For the first time, CISOs, CROs, CFOs and Finance Directors have an automated tool that measures the probable financial impact of cyberattacks against your company. Reports can then be easily generated to communicate the risks in financial terms and easy-to-understand business terms. The Financial Risk model is based on Open FAIR™ which is the only international standard Value at Risk (VaR) model for cyber and operational risk.


Compliance Risk

Based on industry standards (NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR, and Shared Assessments), the platform's compliance classification allows you to measure the compliance level of any company for different regulations and standards. The platform estimates the external compliance of your company, and its cross-correlation capability then measures the compliance level of your company, saving time and effort for you. You can also upload evidential proof (questionnaires, information security policies, GDPR guidelines, process documents, etc.); the platform parses and processes them and automatically maps the content to known standards (GDPR, NIST, ISO27001, PCI/DSS, etc.), giving you a clear picture of your compliance and risk without having to analyse each document, saving time, money and effort for all.

Results are Understandable and Simple.

Simple Reporting

We can generate reports for Technical, Financial and Compliance Risk in a matter of minutes. You are then automatically graded with a letter-grade score to help identify and then mitigate potential security risks. The data can then be analysed and compiled into simple, readable reports, detailed company reports, or remediation reports. You can also schedule each type of report and have them automatically sent to the right stakeholders within your business to action if required.


Detailed Company reports

Get a detailed single report showing the risk to you and then drill down into each of the individual sections for compliance, technical or financial risks. You can then share the reports with internal stakeholders, or give them direct access if required.


Remediation reports

A standard report that will give you a step-by-step process to reduce the risks associated with your organisation. It also shows the probable decrease in financial risk and increase in security posture. CCS, at your request, can complete an optional Rapid Assessment and Monitoring Process (RAMP) to work with you to improve your security and reduce the risks to you. This will enable the business to decide on investment of time and effort to improve the overall security posture, while simultaneously reducing the risk.


Ransomware Susceptibility Index (RSI):

The Ransomware Susceptibility Index (RSI) is a new metric in the platform that provides the probable Ransomware risk associated with your organisation. The RSI is the result of curating numerous statistical Ransomware sources and technical ransomware indicators to present to you an "Early Warning System" for possible ransomware activity.

Platform Overview

Can CCS reduce your risks?

Utilising the platform, you have already identified the areas that pose the most risk to you, so what do you do next? 


We will lead you through an optional, free-of-charge 60-day Rapid Assessment and Monitoring Process (RAMP), which is designed to initially identify risk and recommend remedial actions to reduce your risk, freeing up your valuable resources.


We then present you with a final report showing the total risk reduction and how much, in monetary terms, your risks have reduced, along with further recommendations to improve your security posture.

 

The service can be adjusted to suit all clients in many ways: 


  • We can adjust the service to allow for multiple domains 
  • We can provide the service to assess risks within your supply-chain


We can also provide specialist Cyber Security Consultancy to assist in helping you reduce your risks. 

Free Risk Assessment

Do you know the risks that you face? Try a free risk assessment to understand the level of detail we can provide for Technical, Compliance and Financial risks.


Key findings from the reports we will share with you are as follows:

 

  • Your overall Cyber Rating Score.
  • Your compliance rating across 14 frameworks.
  • What the financial impact to you would be if you are breached.
  • How susceptible you are to a Ransomware attack.
  • Potential improvements in Cyber Security and compliance.
  • Potential reduction in financial risk to you, if there was a breach.
  • Your benchmark in your industry.
  • Your Cyber Security vulnerabilities.
  • Your Cyber Security heat maps.
  • Many more valuable technical, compliance and financial risks.