Protect Your Board of Directors with ThreatAdvice Cyber Director

Cyberdirector ta

ThreatAdvice Cyber Director is the ultimate monthly security compliance checklist and monitoring tool. It provides C-level executives and Boards of all types of entities visibility into their security posture from an independent third party on a regular basis. By performing regularly scheduled cybersecurity vulnerability scans of your network and charting historical trends, your Board of Directors will know exactly how well security risks are being managed as well as what questions need to be asked of your IT staff.

ThreatAdvice Cyber Director is not designed to be a comprehensive security audit and penetration test but instead a monitoring and risk discovery tool to be used between the full audits and penetration tests. It assists in maintaining compliance with regulatory statutes in addition to helping your IT staff know about vulnerabilities prior to the auditors finding them. In addition to showing the organization’s current and trending cybersecurity position, ThreatAdvice Cyber Director also provides a schedule of compliant or overdue security objectives such as employee training, CPA audit, phishing exercises, and testing of organizational IT security policy.  Your Board of Directors will have a quick-glance status of when these objectives are to be completed along with a green/red status of those in the past.  Monitoring proactive regulatory compliance efforts couldn’t be easier!

Q. We do an annual IT Audit. What is the benefit of adding ThreatAdvice Cyber Director?

ThreatAdvice Cyber Director is not a replacement for an organization’s annual IT audit.  While annual audits are a vital part of a company’s preventative risk process, the reality of technology makes the audit practically obsolete as soon as it is completed. We have found sever vulnerabilities days after an annual IT audit was conducted. Similar to an annual IT audit, ThreatAdvice Cyber Director is an independent, unbiased reporting tool that provides the Board an ongoing assessment of potential threats in a format that is easily understood by the layperson.

Q. We pay an IT contractor to monitor our network 24/7, what can ThreatAdvice Cyber Director tell us that we aren’t already aware of from our monitoring service?

In instances where an organization employs a 24/7 network monitoring service, Cyber Director’s provides unbiased report to the board  about the performance and effectiveness of the service.  In case the of a cyber breach, directors are likely to learn too late that while services and preventative measures may be outsourced, responsibility for protecting sensitive data cannot be outsourced.  Adding ThreatAdvice Cyber Director to your team demonstrates the board’s proactivity to oversee your company’s cyber risks… no matter who is providing its IT support.

Q. Should credentials be used during vulnerability scanning?

That depends.  Scanning without credentials gives you the same view as a would-be attacker, which in itself is valuable.  The results will show only those vulnerabilities that are detectable directly from the network and the high severity issues found during this type of scan need to be fixed ASAP because they are probably exploitable from the network without any user action required.  Scanning with credentials gives you more information such as missing patches, misconfigurations of services, and other information that just cannot be retrieved without credentials.  For example, a scan without credentials may detect 10 missing patches.  That same scan with credentials may detect 120 missing patches.