Security Assurance

Every company faces very real security threats. Have you identified yours?

Kickdrum Security Assurance offers quantitative and qualitative risk analysis to determine your top threats to information security, your largest vulnerabilities, and the greatest opportunities for risk reduction through cost-benefit analysis. This work adds a strategic level of analysis to security planning and helps align security goals with your overall organizational objectives.

What to Expect

Kickdrum will develop a range of insights from the following processes:

• Source Code Evaluation: Scan source code repositories to identify software development anti-patterns.
• Vulnerability Scanning: Scan internet-facing devices and applications for vulnerabilities to identify potentially exploitable weaknesses.
• Threat Intelligence: Look for weaknesses beyond the application that could cause reputational harm.
• Cloud Security Posture: Analyze cloud infrastructure for insecure configurations and missing monitoring and alerting systems, including AWS WAF, IAM Policies, VPC configuration, CloudWatch and Cloudtrail, and related AWS network infrastructure.
• Human Factors: The majority of breaches are ultimately the result of human factors. Using social engineering, Kickdrum will evaluate risks due to the human element.

How It Works

Kickdrum Security Assurance works by reviewing program artifacts to understand security assumptions, validating these assumptions through interviews, and engaging with your technical team to grasp security controls, processes, and best practices. Through this work, Kickdrum can prioritize threats to data confidentiality, integrity, and availability to identify top risks for mitigation.

What You Learn

Your work with Kickdrum will answer the following critical security questions:

• Do we meet industry, client, and program security standards?
• Can our security detect and report breaches?
• Is our product secure, protected from supply chain attacks, and ready for incident response?
• Are our security measures consistent and scalable?
• What risks threaten our product confidentiality, integrity, and availability?
• How sensitive is our data, and what's the impact if compromised?
• Given current controls, how likely are threats to breach our assets, and what's the potential impact?
• How does our security risk compare to similar-sized competitors?
• Have we performed threat modeling?
• Do we have a planned response for an incident like a ransomware attack?