The threat of Cyberterrorism to our technical infrastructure is real and immediate. Computers and servers in the United States are the most aggressively targeted information systems in the world, with attacks increasing in severity, frequency, and sophistication each year. As our nation’s critical infrastructure grows more reliant on information technologies, it also becomes more exposed to attackers, both foreign and domestic. These attacks can threaten our nation’s economy, public works, communication systems, and computer networks.

Let the experienced experts a 9DSS help your organization improve their Cybersecurity posture.

CARVER Cybersecurity Methodology

9DSS uses the CARVER analysis methodology to conduct a Cyber Defense Analysis.  CARVER is an acronym that stands for Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability. Using CARVER analysis, we can identify our customers Key Cyber Terrain and possible vulnerabilities in both their network security posture and operating procedures. Each component of CARVER can be applied to the CyberSecurity posture of any organization:

Criticality: The target value. How vital is this to the overall organization? A target is critical when its compromise or destruction (failure to provide any of the CIA triad components) has a highly significant impact in the overall organization.

Accessibility: How difficult is it to reach a target? What are the target defenses? Is an insider needed? Is the target system networked or air-gapped?

Recuperability: How long will it take for the organization to replace, repair, or bypass the destruction or damage caused to the target? Once the compromise was found, how long will it take for the system to recuperate from disruption, degradation or destruction?

Vulnerability: What degree of knowledge is needed to exploit the target? Can known exploits be used or can new, possible 0 day exploits be used?

Effect: What’s the impact of the attack on the organization’s operational capability?

Recognizability: How identifiable is the target from a remote location? To what degree is a specific system, network or device, to include countermeasures, identifiable to an attacker?