Define the Risks
Defend the Assets

Enterprise Strategy
Operational Focus
Right-sized Solutions

Discover how LeveL5Cyber’s team of hands-on industry experts can help your organization in today’s evolving threat landscape. As regulations, risks, and business needs change, it is imperative that your cybersecurity program is mature and compliant. Each assessment we offer is designed with current industry standards in mind to evaluate your specific business needs. We strive to provide clarity and build confidence in your systems as you take your business to the next level.

Our Assessments

OT Risk Assessment

The LeveL5Cyber OT Risk Assessment is focused on Operational Technology (OT) environments, such as manufacturing and other critical infrastructure facilities within an organization. It is based on the NIST Cybersecurity Framework (CSF) and other NIST standards focused on manufacturing, such as the NIST Interagency Report (IR) 8183. This assessment is used to identify quantified risks in the OT environment and includes an overview of the network architecture, analysis of network traffic flows, OT firewall configuration reviews, and system log reviews and analysis. Our proven methodology identifies threat types and business and financial impacts, and results in a prioritized list of the identified risks along with estimates of cost and effort for remediation of identified gaps. A detailed project plan with actionable steps for prioritized remediation efforts is included with this assessment.

Governance

  • Goals & Objectives
  • Policies & Standards
  • Processes & Procedures
  • Risk Appetite

Risk

  • Asset Inventory
  • OT Architecture
  • Communication Flows
  • Firewall Configurations
  • Log Reviews
  • Standards Mapping
  • Risk Assessment

Awareness

  • Tactical Plan
  • Strategic Remediation
  • Final Report
  • Executive Outbrief

– Measure your organization’s OT cyber posture using industry accepted frameworks

– Reduce the probability of potential safety incidents caused by a cyber attack

– Create a repeatable process to identify and prioritize gaps within the OT cybersecurity program

– Receive actionable recommendations that lead to strategic and tactical plans of action to reduce your risk while improving your cybersecurity maturity

Third-Party Risk Assessment

The LeveL5Cyber Third-Party Risk Assessment is designed to identify and evaluate quantified risks of third-party applications. This service identifies the relevant threats to the client’s environment and includes the probability of the event and the potential financial impact. This risk assessment leverages the NIST SP 800-30 standard to maximize the results.

Risk

  • Identification
  • Analysis & Evaluation
  • Treatment
  • Acceptance
  • Communication
  • Monitor and Review

Governance

  • Policy & Standards
  • Risk Profile
  • Risk Appetite & Tolerance
  • Legal & Regulations

Response

  • Risk Treatment Plan
  • Exceptions
  • Risk Action Plan
  • Closing Report

– Evaluate vendor risk to determine the level of exposure

– Build out a prioritized and actionable roadmap

– Develop ongoing monitoring and reporting

– Define a consistent, repeatable process

CMMC Readiness

The LeveL5Cyber CMMC-Readiness Assessment helps organizations in the Department of Defense (DoD) supply chain meet the mandatory cybersecurity maturity certification level they must comply with to maintain existing and future contracts. It is paramount that organizations are fully prepared at the time of the audit and know exactly where they stand against the required security controls, as the failure of any CMMC audit item may disqualify the organization from competing for DoD contracts. The LeveL5Cyber CMMC-Readiness Assessment prepares the organization by clearly identifying potential gaps in compliance and providing an actionable path forward for mitigation.

Preparation

  • DFARS Validation
  • DFARS Readiness
  • CMMC Mapping
  • CUI Scoping
  • Artifact Analysis

Assessment

  • Maturity Level Scope
  • POAM Identification
  • System Security Plan
  • Tactical Planning

Readiness

  • POAM Remediation
  • Journey Partnership
  • Audit Preparation
  • Outbrief and Educate

– Receive prioritized recommendations in both a strategic and tactical plan of action

– Define the areas where FCI/CUI may flow during their lifecycle

– Bring to light areas of risk surrounding tangential systems and data

– Simplify control criteria awareness and messaging

Data Protection Assessment

The LeveL5Cyber Data Protection Assessment & Protection Roadmap is a customized maturity assessment specific to areas including technology and processes, which are critical to detecting and preventing data loss. LeveL5Cyber’s team incorporates interviews and an evaluation of the company’s solutions (tools) to provide a comprehensive security risk posture. This risk assessment will consider many of today’s threats and how those threats are measured against the customer’s data leakage protection, detection, and response capabilities.

Governance

  • Org Strategy
  • Responsibilities
  • Policies & Standards
  • Business Processes
  • Organizational Assets
  • Legal Agreements

Risk

  • Asset Valuation
  • Assess
  • Analysis
  • Evaluation
  • Treatment
  • Acceptance
  • Communications
  • Monitoring & Review

Awareness

  • Ownership
  • DLP Plans
  • User Education

– Identify risks that are specific to people, process, and technology within your workstreams

– Perform a variety of comprehensive interview-based data gathering sessions

– Identify strengths and weaknesses in current, or planned, DLP controls

– Review and align data classification and threats to current threat actors’ tactics, techniques and procedures

NIST CSF IT

The LeveL5Cyber NIST Cybersecurity Framework (CSF) assessment is a traditional type of assessment based on a proven framework. It helps organizations understand their current cyber posture in terms of adhering to the defined requirements, identifying gaps in compliance, and providing actionable and prioritized recommendations for mitigating identified gaps.

Business

  • Asset Management
  • Business Environment
  • Governance
  • Awareness and Training
  • Response Planning
  • Communications
  • Improvements
  • Recovery Planning
  • Improvements

Risk

  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain
  • Analysis
  • Communications

Technology

  • IAM and AAA
  • Data Security
  • Information Protection
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Continuous Monitoring
  • Detection Processes
  • Mitigation

– Measure your company’s cyber posture using industry accepted frameworks

– Identify and prioritize gaps within the cybersecurity program using repeatable processes

– Receive actionable recommendations that lead to strategic and tactical plans of action

Ransomware Readiness

The LeveL5Cyber Ransomware Readiness assessment is a customized, quantitative assessment based on the proven NIST 800-30 process and the maturity controls from the NIST Cybersecurity Framework (CSF). The assessment is tailored to focus on controls that help prevent a ransomware attack, limit proliferation of the malware, and protect data integrity. The results of the Ransomware Readiness assessment help organizations identify the effectiveness of controls in their cyber program as it pertains to a ransomware attack and provide an actionable, prioritized path forward for effectively defending against, responding to, and containing these types of attacks.

Planning

  • Prioritization
  • Orient & Scope
  • Resource Management

Modeling

  • Architecture Guidelines
  • Risk Model
  • Standards

Analyzing

  • Maturity Profile
  • Threat Analysis
  • Risk Assessment
  • Mitigation and Funding
  • Remediation

– Deliver a quantitative assessment of an organization’s network and endpoint security controls and practices

– Identify areas of risk surrounding data integrity

– Understand your ability to respond to and contain a ransomware attack

Email Compromise Readiness

The LeveL5Cyber Business Email Compromise (BEC) Readiness assessment is a customized quantitative assessment based on the proven NIST 800-30 process and the maturity controls from the NIST Cybersecurity Framework (CSF). The assessment is tailored to focus on controls that help prevent compromise of the organization’s email account(s) and includes areas that help strengthen those controls, user education and awareness, and other areas. The results of the BEC Readiness assessment help organizations identify the effectiveness of controls in their cyber program as it pertains to an email attack and provide an actionable and prioritized path forward for effectively defending against BEC attacks.

Planning

  • Prioritization
  • Orient & Scope
  • Resource Management

Modeling

  • Architecture Guidelines
  • Risk Model
  • Standards

Analyzing

  • Maturity Profile
  • Threat Analysis
  • Risk Assessment
  • Mitigation and Funding
  • Remediation

– Deliver a quantitative assessment of an organization’s email security controls and practices

– Identify areas of risk surrounding tangential systems and data

– Educate users and administrators on the results that demonstrate effectiveness

– Deliver a quantitative assessment of an organization’s payment process controls

OT NIST CSF

The LeveL5Cyber NIST Cybersecurity Framework (CSF), as it is applied to Operational Technology (OT), takes on new meaning. Our professionals have direct experience within manufacturing environments and understand your current cyber posture in terms of adhering to the safety requirements, identifying gaps in compliance, and providing actionable and prioritized recommendations for mitigating identified gaps.

Business

  • Asset Management
  • Business Environment
  • Governance
  • Awareness and Training
  • Response Planning
  • Communications
  • Improvements
  • Recovery Planning
  • Improvements

Risk

  • Risk Assessment
  • Risk Management Strategy
  • Supply Chain
  • Analysis
  • Communications

Technology

  • IAM and AAA
  • Data Security
  • Information Protection
  • Maintenance
  • Protective Technology
  • Anomalies and Events
  • Continuous Monitoring
  • Detection Processes
  • Mitigation

– Measure your company’s cyber posture using industry accepted frameworks

– Measure your OT safety and cyber posture

– Create a repeatable process to identify and prioritize gaps within the cybersecurity program

– Receive prioritized recommendations in both a strategic and tactical plan of action

DFARS Assessment

The LeveL5Cyber DFARS assessment helps organizations in the Department of Defense (DoD) supply chain meet the requirements of the NIST 800-171 security controls. The assessment provides the organization’s current maturity level against the DFARS requirements and identifies gaps in compliance by providing actionable and prioritized recommendations for closing gaps. Failure to meet DFARS compliance can result in the loss of that organization’s ability to compete for DoD contracts, potentially resulting in a significant business impact.

Preparation

  • Current State Review
  • FCI / CUI Scoping
  • Documentation Review
  • Artifact Gathering
  • Artifact Analysis
  • Security Plan Review
  • POAM Review

Risk

  • NIST 800-171 Assessment
  • POAM Updates
  • Update SSP
  • Tactical & Strategic

Readiness

  • Final Report
  • Executive Outbrief
  • Readiness Follow-Ups
  • POAM Remediation
  • SSP Updates

– Receive prioritized and actionable recommendations documented in the Plan of Actions and Milestones (POAM)

– Assist with validation of the assessment scope where FCI/CUI may flow during their lifecycle

– Update SSP and POAM documents required for conducting business with the DoD

– Simplify control criteria awareness and messaging

Application and Infrastructure Risk

The LeveL5Cyber Application and Infrastructure Risk Assessment is designed to identify quantified risks of customer-defined critical applications and includes the systems and infrastructure that these applications reside on. This service identifies the relevant threats to the client’s environment and includes the probability of the event and the potential financial impact. This risk assessment leverages the NIST SP 800-30 standard to maximize the results.

Governance

  • Goals & Objectives
  • Policies & Standards
  • Business Processes
  • Organizational Assets
  • Risk Profile
  • Risk Appetite & Tolerance
  • Legal & Regulatory

Risk

  • Identification
  • Analysis & Evaluation
  • Treatment
  • Acceptance
  • Communication
  • Consultation
  • Monitoring & Review

Response

  • Risk Treatment Plans
  • Third Party Risk
  • Exceptions
  • Risk Action Plan
  • Closing Report

– Identify your risks at an enterprise level

– Correlate the threat landscape to your unique organization

– Build out a prioritized and actionable roadmap

– Cover strategic and tactical plans of action