Carve Performs two types of risk assessments: organizationally focused and application or product focused. The goal of Carve’s organizationally focused Risk Assessment service line is to streamline a traditional Risk Assessment, giving our clients quick and actionable feedback to improve their security posture. The main goal of an application or software specific risk assessment is to perform traditional threat modeling for a specific application or product. Carve also offers a light-weight, rapid, version of its organizational risk assessment.
Carve works with your organization to understand and address existing security concerns, and perform a gap analysis to identify the “unknown unknowns.” Our consultants learn your business model, and how currently deployed technologies enable the business to function.
Through staff interviews and interactive white boarding sessions, Carve identifies and document critical assets, network topologies, and existing security controls.