Risk Assessment

Square One Technologies Inc. was engaged to conduct a Risk Assessment for the North Dakota Electric Cooperative, Inc., specifically against the globally trusted CIS (Center for Internet Security) Critical Security Controls (CSC) framework, which aligns with general security best practices. The objective of this engagement was to evaluate the risks of the scoped I.T. Systems and Operational Technology (OT) Environments to determine if they were properly managed and functioning according to industry standards. To accomplish this, Square One Technologies was granted interview access to key personnel and provided with essential documentation, including cybersecurity policies, vulnerability scan reports, and technical data. The risk assessment leveraged the full spectrum of the 18 CIS Critical Security Controls, ranging from asset and software inventory (Controls 1 and 2), to data protection (Control 3), secure configuration (Control 4), access management (Controls 5 and 6), continuous vulnerability management (Control 7), incident response (Control 17), and penetration testing (Control 18). In addition to the policy documentation analysis, which focused on enterprise policy governance, the engagement included practical security testing and vulnerability scans (internal and external) to determine risks. These scans focused on critical areas such as authentication, authorization, session management, input/output validation, configuration, and business logic to identify strengths, weaknesses, opportunities, and threats (SWOT) and provide effective security improvement recommendations. Upon completion, Square One Technologies submitted a comprehensive report and presentation that blended the policy review, staff insights, and technical observations to provide actionable recommendations for reducing risks (financial, legal, reputational).