Explore how we stack up against business and technical alternatives.

Business Alternatives

Audits make sure a risk management program is being followed, but it aligns with the regulatory body and not the organization itself.  A Threat Sketch Risk Assessment puts the organization at the center of everything.

It’s a little technical, but we wrote a an article about the difference between audits, and other tactical risk management tools.

Unless you just want to roll the dice with the whole organization, you need a Threat Sketch Risk Assessment to help you understand just how bad things can get.

We have an article about why the wait and see approach leads to high failure rates among small businesses that experience cyber security attacks.

Every good vendor wants to know how to align themselves better with the organization.  A Threat Sketch Risk Assessment allows you to give them the context they seek, and better manage key relationships.

Technical Alternatives

We have a great article that explains how vulnerability assessments differ from strategic risk assessments. In short, a vulnerability assessment is a tactical tool and a risk assessment is a strategic tool.

We have a great article that explains how penetration tests differ from strategic risk assessments. In short, a penetration test is a tactical tool and a risk assessment is a strategic tool.

Threat intelligence is a real-time vulnerability assessment with Bayesian statistics.  It is a great tool for incident response teams to stay ahead of attackers, and better manage the kill chain.  However, it lacks a way for executives to insert strategic influences into the results, which is necessary for strategic planning.  A Threat Sketch Risk Assessment uses broader industry data to ensure more outcomes are evaluated than just those that are seen most frequently on the front lines. That may seem counter intuitive, but it makes sense for gray swan events which is often where the majority of risk lies.