Carve performs two types of risk assessments: organizationally focused and application- or product-focused. The goal of Carve’s organizationally focused Risk Assessment service line is to streamline a traditional Risk Assessment, giving our clients quick and actionable feedback to improve their security posture. The main goal of an application- or software-specific risk assessment is to perform traditional threat modeling for a specific application or product. Carve also offers a lightweight, rapid version of its organizational risk assessment.

Carve works with your organization to understand and address existing security concerns, and perform a gap analysis to identify the “unknown unknowns.” Our consultants learn your business model, and how currently deployed technologies enable the business to function.

Through staff interviews and interactive whiteboarding sessions, Carve identifies and documents critical assets, network topologies, and existing security controls.

Organizational Risk Assessment

  • Software Security Practices
  • Office Network Security
  • Employee on/off-boarding procedures
  • AWS Security
  • Sensitive Data Storage
  • Mobile Device Security (including laptops)

Threat Modeling

  • Data Protection and Cryptography Usage
  • Authentication and Authorization
  • Data Validation
  • Session Management
  • Errors and Logging