Leonardo is an expert in the identification and analysis of cyber risk to digital systems and capabilities, adhering to international best practices around risk management and information security, including NIST SP 800-30, ISO 27005 and ISO 31000.
Cyber threat modelling and assessment
As a global leader in the design and production of cutting-edge battlefield sensing technologies used in some of the highest threat environments, Leonardo has extensive experience in threat modelling capabilities that are deployed in diverse and dynamic environments supporting critical Defence missions.We have also assessed digital systems and technologies across much of the UK’s critical national infrastructure covering platforms, applications, services, systems, sites and organisations.
Cyber risk identification
Leonardo has significant experience in decomposing highly complex interconnected digital systems and services, before then modelling viable threat scenarios across both adversarial and environmental threat actors. We use several internationally recognised threat vector frameworks, often with tailoring to suit specific technological nuances of the assessment target. These frameworks include:
- MITRE ATTACK
- MITRE ICS
- MITRE ATLAS
- MITRE SPARTA
- NSA CTTF
- MICROSOFT DREAD
- OWASP TOP 10
Risk assessment
Within analysis and evaluation of risk t, Leonardo has real world experience in the difference and effective delivery of the identification of adverse events and the transposition of these events to risk, whereby the probability of event execution and their impact on the underlying target objectives is gauged to provide an indication of native and then residual risk. Crucially, this means that there is a clear “so what” to all potential adverse events that are prioritised based on how likely they are to occur and what impact they would have on the mission, both before you apply security controls, and after.
The accuracy and quality of our cyber risk identification and assessment products are underlined by our accreditation from the UK National Cyber Security Centre which recognises Leonardo as a certified supplier in Cyber Risk Management. Our in-depth experience as a large enterprise has seen us deliver cyber risk management to a variety of sectors including:
- Defence Platform, Missions, and Services
- Aviation Platforms, Embedded Systems and Ground Services
- Telecommunications, Operations Support Systems (OSS) and Radio Access Network (RAN) services
- Energy Generation and Distribution
- Critical Digital Infrastructure
Choose Leonardo to help you accurately and efficiently identify and assess the cyber risks impacting your system, mission, platform, service, application, capability, site or organisation.
