Risk Assessments
      Back to home
      1. Knowledge Base
      2. Knowledge Base
      3. Risk Assessments

      Risk Assessment Applications Discovery

      The application discovery process is used to identify all third-party and cloud vendor applications used within an organization as part of the Risk Assessment Process.

      What is the Application Discovery?

      The application discovery process is used to identify all third-party and cloud vendor applications used within an organization. An application is software used by an organization (e.g. Microsoft Word). An application vendor is the company or organization that provides the software (e.g. Microsoft). 

      Using the list you provide, Choice Cyber Security will identify and document the available security measures for each application. This can include measures such as (but not limited to): 

      • Two-factor authentication 
      • Single Sign-On
      • Biometric Authentication

      If applicable, vendor compliance is identified. This could include frameworks such as (but not limited to): 

      • HIPAA
      • FINRA
      • ISO 27001
      • NIST

      Dynamic Management - Security Assessment On-boarding Presentation.pptx

      Types of Applications

      We are looking for any cloud vendors and applications that access, store, process or transmit sensitive data. Be sure to include any of the following applicable vendors and applications as well as any company or industry specific resources:

      • Email
      • Email encryption solution
      • Cloud-based document storage
      • Project management platform
      • CRM
      • Bookkeeping software
      • Credit card processors
      • Awareness training platform
      • ERP system
      • Virtual meeting platforms
      • VOIP phone systems
      • Password management software
      • Payroll resources
      • Benefits resources
      • Background check solution
      • Marketing applications

      Completing the Application Discovery Form

      • Step 1: Download the application discovery template using the secure link provided below (or click here).
      • Step 2: Open the file in your preferred spreadsheet application. Choice Cybersecurity recommends Microsoft Excel or Google Sheets.
      • Step 3: Complete the Name column with the full name of each application used in your organization.
      • Step 4: Complete the Usage column with what your organization uses the application for.
      • Step 5: Complete the Sensitive Data Touched or Stored column with a description of the data that each application sends, receives, accesses, or stores. The more detailed the description, the more robust the application analysis can be.
        • Specifically, clearly state the sensitive data an application interacts with, such as: 
      • Social Security Numbers
      • Credit Card Numbers
      • Bank Account Numbers
      • Other Private Financial Information
      • EPHI / PHI (Electronic Protected Health Information / Protected Health Information)
      • Other PII (Personally Identifiable Information)


      Applications Discovery Form

      Here is a completed example:

      Name Usage Sensitive Data Touched
      Zoom Teleconferencing Employee Credentials
      Hubspot CRM Client Information, Client Email Addresses
      Office 365 Email General Company Documents, Employee & Client Email Addresses
      Stripe Payment Processing Client Billing Information, Client Credit Card Numbers, Client Email Addresses