Organization or organizational unit
Holistic: Technical, human, organizational.
Strategic and tactical, and in part technical and operational.
To answer the question: “Can aggressors gain access to my ‘most valuable resources’ (Critical Assets) or gain control of my most important systems or business processes (Critical Functions)?” If so, how? What are my detection measures and countermeasures?
Statements and questions:
How secure is my organization as a whole? What gateways do I have that help attackers gain access to Critical Assets and Critical Functions? How good are my response processes? How well can I proactively block attacks? How well can I detect and respond to attacks?
What are my organization’s key technical, human, and organizational/process vulnerabilities? How well is my defense set up? What are the risks to my business as a whole?
Key vulnerabilities of the organization in the areas of technology, processes/organization, and people.
Recommendations and results:
Eliminate blind spots in detection, address vulnerabilities in the three dimensions (technical, process/organizational, human), strengthen response to attacks against the organization, improve proactive and preventive measures for corporate security, strengthen general defenses against attacks (cyber resilience and posture), improve processes, provide direction for security strategy, risk assessment.
Professional human aggressors with malicious intent against my own organization
Insiders on Client Side:
Only one or two key people, no one else