Service Overview
This workshop is conducted following the completion of CYE’s Security Risk Assessment. It is designed to review and address the identified vulnerabilities, which are documented in Hyver, CYE’s Continuous Threat Exposure Management (CTEM) platform. These vulnerabilities are mapped to relevant threat sources and linked to the organization’s critical business assets, allowing a structured evaluation of their potential impact. Leveraging graph theory and algorithms, CYE recommends mitigation strategies that are prioritized based on both risk reduction impact and cost-efficiency.
Methodology
After reviewing the attack graph and identified vulnerabilities, CYE formulates short-term and long-term mitigation plans. These plans are developed using graph-based algorithms that prioritize mitigations based on both business impact and cost efficiency.
The mitigation strategy is then reviewed with the client and relevant technical teams. The collaborative workshop focuses on root cause analysis and on aligning recommendations with existing tools and operational realities such as budget constraints. During the session, the proposed plan is refined to suit the client’s specific needs, challenges, and the unique characteristics of their environment.
Deliverables
A Hyver-based action plan broken down by workstreams, mapped to relevant security domains or technical teams
Prerequisites
Completion of CYE's Security Risk Assessment prior to the workshop
Customer Engagement
The engagement includes two stages:
Preparation: Cooperation of personnel with relevant domain expertise
Workshop: A half-day session with the client’s technical teams (based on the organization’s structure)
Relevant Standards
NIST Cybersecurity Framework
Common Vulnerability Scoring System (CVSS)
Security Domains Covered
Cross-organization policies, procedures, and governance
Security operations, monitoring, and incident response
Network level security
Servers, network equipment, and endpoints security
Application-level security
Sensitive data and information management
Identity management and remote access
