Mergers & Acquisitions Can be Messy

The TrustedSec Mergers & Acquisition (M&A) Threat Inheritance Assessment draws on our knowledge of advanced threat actors, experience responding to security breaches, and extensive expertise evaluating security programs.

TrustedSec helps you assess, reduce risk, and address potential security gaps throughout the merger or acquisition process. This assessment is designed for organizations seeking a rapid cybersecurity threat assessment as part of an M&A process. This engagement analyzes and measures the acquisition’s environment to determine what threats may be present. After the analysis, the client receives a report outlining the findings and recommendations. The findings will assist in the decision on whether initiatives to connect the business networks should continue or if additional remediation/mitigation efforts are required before the systems are integrated.

 

The TrustedSec Difference

TrustedSec will evaluate the acquisition target’s cybersecurity programs across five (5) core security domains, each of which is mapped to compliance, security, and industry frameworks.

This methodology gives focus around current data protection capabilities and the soundness of current protection and detection capabilities. These areas are often the highest risk to the acquiring organization:

Data Protection

  • Evaluates the data protection framework and capabilities
  • Determines whether adequate data classification and identification capabilities exist
  • Defines high-target information assets
  • Data storage and external data transfer mechanisms are reviewed

Access Controls

  • Reviews the access controls policy and procedures
  • Assesses whether suggested security controls appear to be leveraged
  • Reduces the risk of inappropriate access to sensitive data
  • Onboarding and termination procedures are reviewed
  • Ensures proper controls are enforced for data access

Incident Detection & Response

  • Reviews existing people, processes, and technologies deployed
  • Detects, analyzes, escalates, responds to, and contains advanced attacks
  • Determines whether an incident is detected
  • Assesses if the current capabilities are able to respond and contain a threat?

Infrastructure Security

  • Reviews protection mechanisms, policies, processes, and configurations deployed throughout the network and endpoints
  • Ensures that effective controls are in place to prevent compromise
  • Reviews email/web filtering, IPS/IDS, remote access tools, and monitoring capabilities
  • Determines maturity and level of protection

Threat Inheritance Assessment

  • Performs a series of baseline internal/external vulnerability assessments
  • Documents all known enterprise vulnerabilities
  • Reviews key assets for known Indicators of Compromise (IoCs)
  • Determines if an adversary may have already breached the target’s systems