Providers that determine and address your cyber security risks are offering cyber security assessment services. Every business should conduct some level of cyber risk assessment. But the types of assessments you need will vary based on your business, company size, industry and your risk tolerance.
The most common cyber security assessment services include:
- Vulnerability assessment to discover potential weak spots inside and outside your network that could be exploited.
- Penetration testing. A “practice” cyber attack is run by authorized cybersecurity experts (“white hat hackers”).
- Network audit and access review, which can determine what is on your network, finding unauthorized software or hardware as well as performance or licensing issues. An access review looks at who has permissions to access or make changes to your network.
- Compliance audit reveals how well your company is obeying the rules, regulations and laws that relate to your particular industry. A compliance audit will find out, from common PCI compliance (required by any business that accepts credit card payments) to specialized requirements for defense contractors. Compliance audits look both at what is happening inside your business and with any external partners or vendor relationships.
