Below is a sample report delivered to a client who completed the Def.Inity assessment. This is intended as a high-level view of executives' awareness of cyber defenses within the firm, to help them obtain some tangible idea of where they are most at risk. We use the Council on Cyber Security's framework, the "20 Critical Security Controls" – hit the link to learn more about each one.
If you would like to complete an assessment, please email firstname.lastname@example.org and we will set you up with a password to the demo site.
Industry Benchmark Data: Education
The screen below shows the average level of compliance with each of 20 Critical Controls across firms in the education space.
- A score of 1 means perfect compliance (which is, in practice, impossible)
- A score of 0 means the subject is aware of the control, but has not complied (in effect, accepting the risk)
- A score of -1 means the subject is not aware of any controls, or unsure what it means to be in compliance (this is the worst state)
Threat Vector Data: Crimeware
Crimeware represents a significant threat, and is especially fond of targeting firms with insufficient care in implementing the controls shown below. The scores between 0-1 indicate the percentage of attacks in which Crimeware was successful in part due to deficiencies in that control.
A score of 0 simply means that being compliant with that control would not have stopped a pure crimeware attack. It is important to remember that many attacks use multiple vectors.
Defense Assessment: Anonymous Test Client
The report below puts 3 components together –
- Industry average compliance
- Anonymous client's self-reported compliance
- Most acute threat vector
You can clearly see where the client departs from industry norms, and where deficiencies represent a vulnerability. The firm has mostly ignored the controls, and remains unaware of protections that would guard against an immediate threat (Control #5)
Mouse over any of the data points to see an output.