Risk Based Threat Assessment in Chicago

Protect against the five MITRE ATT&CK Types

ransomware risk

How do you verify your resiliency in the event of a cyber attack?

the likely threats to your organization is the best approach to prepare and protect. Regular reviews establish a baseline of your controls and performance, and a method to improve your security posture and fix any vulnerabilities.

Enhance your protection against the five MITRE ATT&CK Types listed in Center for Internet Security’s Community Defense Model. The HALOCK Risk-Based Threat Assessment, using HALOCK’s Duty of Care Risk Analysis (DoCRA) methodology, combines security guidance from Center for Internet Security, Inc. (CIS®), MITRE, The National Institute of Standards and Technology (NIST), and the VERIS Community Database (VCDB) to provide this unique offering.

Organizations can prioritize security controls to enhance or implement using the best threat data the cybersecurity community offers. This results in budget and resource efficiencies by addressing the security areas of highest concern and in order of importance, to increase your resilience to cyber attacks.

The Five MITRE ATT&CK Types:

  • Ransomware attack
  • Malware attack
  • Insider Abuse attack
  • Web App attack
  • Persistent External attack

The Methodology and Deliverables

This DoCRA based threat assessment includes interviews with your organization’s personnel using the CIS Critical Security Controls (CIS Controls) to understand how your security is currently deployed.

A risk register will be created and each applicable CIS control scored.

Using the scores generated from the risk register, a heat map will be created for each attack type identifying the vulnerabilities that impose the greatest threat to your organization.

Analysis and recommendations are provided at each stage to give you the priority road map to improve your risk posture.

The Risk-Based Threat Assessment can be a one-time project or an annual program to continually model threats. You can choose 1 or up to all 5 attack types for the assessment. Clients can use a previously completed risk register or initiate a new one.


Prioritize Remediation Using What Matters Most To You:

  • Maturity of security controls and NIST CSF Security Functions
  • Risks associated with security controls
  • MITRE ATT&CK Types
  • Your roadmap from current risks to ‘reasonable’ controls


Download the Overview



HALOCK, a trusted risk management and cybersecurity consulting company headquartered in Schaumburg, IL, near Chicago, advises clients on reasonable security throughout the US.

Learn about the latest risks, threats, and attacks in the HALOCK Breach Bulletin

CONTACT US