The TrustedSec Merger & Acquisition Security Assessment draws on our knowledge of advanced threat actors, experience responding to security breaches, and extensive expertise evaluating security programs.
We help you assess and reduce risk and address potential security gaps throughout the merger or acquisition process. This assessment is designed for organizations seeking a rapid cyber security risk assessment as part of an M&A process. This engagement analyzes and measures the acquisition’s environment and risk levels to determine what risks are present. After the analysis, the client receives a report outlining the findings and recommendations. The findings will assist in the decision on whether initiatives to connect the business networks should continue or if additional remediation/mitigation efforts are required before the systems are integrated.
TrustedSec will evaluate the acquisition target’s cyber security programs across five core security domains, each of which is mapped to compliance, security and industry frameworks.
This methodology focuses on current data protection capabilities and on the soundness of current protection and detection capabilities. These areas are often the highest risk to the acquiring organization:
- evaluates the data protection framework & capabilities
- to determine whether adequate data classification & identification capabilities exist
- to define high-target information assets
- data storage & external data transfer mechanisms are reviewed
- reviews the access controls policy & procedures
- to assess whether suggested security controls appear to be leveraged
- to reduce the risk of inappropriate access to sensitive data
- onboarding & termination procedures are reviewed
- to ensure proper controls are enforced for data access
Incident Detection & Response
- reviews existing people, processes, & technologies deployed
- to detect, analyze, escalate, respond to, & contain advanced attacks
- if an incident is detected, are the current capabilities able to respond & contain a threat?
- reviews protection mechanisms, policies, processes, & configurations deployed throughout the network & endpoints
- to ensure that effective controls are in place to prevent compromise
- reviews email/web filtering, IPS/IDS, remote access tools, & monitoring capabilities
- to determine maturity & level of protection
Threat Inheritance Assessment
- performs a series of baseline internal/external vulnerability assessments
- to document all known enterprise vulnerabilities
- reviews key assets for known Indicators of Compromise (IOCs)
- to determine if an adversary may have already breached the target’s systems
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.