Next Tier conducts best-practice assessments, which are high-level reviews of a cyber-security program against what we deem to be best-practices. The reviews begin with a threat assessment, which examines the risk to the company in light of any history of attacks to it and its sector peers, and it continues with an assessment of whether defenses are aligned with those threats. We then perform a best-practices review of the company’s posture across a variety of security domains: Vulnerability Management, Incident Response, Network & Perimeter Security, Identity & Access Management, Third-Party Risk Management, Asset Management, Email Security, Data Protection, Security Monitoring, Endpoint Protection, Cloud Security, Governance, Risk & Compliance, and Business Continuity & IT Disaster Recovery. Strengths and weaknesses are identified in each domain and risk conditions are rated as high, medium, or low. Also provided are practical recommendations to address the identified risk conditions. While these best-practice reviews do not comprehensively follow a particular security standard, they are typically NIST-CSF-informed.
Next Tier conducts best-practice assessments, which are high-level reviews of a cyber-security program against what we deem to be best-practices. The reviews begin with a threat assessment, which examines the risk to the company in light of any history of attacks to it and its sector peers, and it continues with an assessment of whether defenses are aligned with those threats. We then perform a best-practices review of the company’s posture across a variety of security domains: Vulnerability Management, Incident Response, Network & Perimeter Security, Identity & Access Management, Third-Party Risk Management, Asset Management, Email Security, Data Protection, Security Monitoring, Endpoint Protection, Cloud Security, Governance, Risk & Compliance, and Business Continuity & IT Disaster Recovery. Strengths and weaknesses are identified in each domain and risk conditions are rated as high, medium, or low. Also provided are practical recommendations to address the identified risk conditions. While these best-practice reviews do not comprehensively follow a particular security standard, they are typically NIST-CSF-informed.