CI-Discern
CI-Discern
  • Home
  • Capabilities
    • C-Suite & Government
    • CISO Advisory
    • IT/OT Security Services
    • CCE Risk Assessment
    • Security GRC
    • CMMC
  • Our Team
    • Leadership
    • Featured Team Members
  • Contact
  • More
    • Home
    • Capabilities
      • C-Suite & Government
      • CISO Advisory
      • IT/OT Security Services
      • CCE Risk Assessment
      • Security GRC
      • CMMC
    • Our Team
      • Leadership
      • Featured Team Members
    • Contact
  • Home
  • Capabilities
    • C-Suite & Government
    • CISO Advisory
    • IT/OT Security Services
    • CCE Risk Assessment
    • Security GRC
    • CMMC
  • Our Team
    • Leadership
    • Featured Team Members
  • Contact

Consequence-Driven Cyber-Informed Risk Assessment Exercises

Developed based on Idaho National Lab's Consequence-Driven Cyber-Informed Engineering Methodology

Bridging Operations and Cybersecurity: Where Risk Insight Meets Technical Depth

At CI-Discern, we scope, develop, and facilitate unique risk and resiliency assessment exercises that are based on Idaho National Laboratory’s (INL) Consequence-driven Cyber-informed Engineering (CCE) methodology. 


We design each exercise to bring together business, operations, and cyber/technical team members to:

  1. Identify and prioritize potential consequences that, if realized, could catastrophically impact your organization. 
  2. Evaluate whether the potential consequences could be achieved through cyber means, and if so, how.
  3. Develop and prioritize attack scenarios that are most likely to achieve the potential consequences. And,
  4. Develop mitigation strategies and controls to disrupt the identified prioritized attack scenarios.


With insights gained from these exercises, you can identify single points of failure and hidden risks, allowing you to take proactive steps to enhance your organization’s resiliency and safeguard against future existential threats.


In addition to helping you focus mitigation efforts on truly important risks, this assessment can help participants and stakeholders better understand the business processes and supporting technologies that underpin critical organizational functions.


Our CCE assessments are fully flexible and customizable, designed to meet the unique needs, budget, and timeline of your organization. We can also tailor them to help you fulfill regulatory requirements such as technical and program assessments mandated by the U.S. Coast Guard in the new baseline cybersecurity requirements, by the EPA for America’s Water Infrastructure Act (AWIA), or the Transportation Security Administration (TSA) Security Directives.


In addition, we have a trusted network of penetration testing partners who can help to assess the real impact of potential consequences across IT and OT environments with confidence.

Our Approach

Consequence-Driven Cyber-Informed Engineering Assessment

Understand your organization, people, and mission

We begin by dedicating time to understanding the core of your organization—its people, mission, and operational goals. Through in-person kickoffs, workshops, and direct engagement with your team, we gather critical information to align our process with your strategic objectives and security needs. This foundation allows us to customize every step of the assessment to match your unique environment.

Consequence-Driven Cyber-Informed Engineering Assessment

Identify adverse cyber events and rank severity based on factors tailored to your business

Once we have a deep understanding of your organization, we identify potential adverse cyber events. These events are ranked by severity based on customized criteria, including your business’s most critical functions and assets. By focusing on the consequences rather than probabilities, we prioritize high-impact events that could disrupt your operations. This phase allows us to target the risks that matter most to your organization’s resiliency..

Consequence-Driven Cyber-Informed Engineering Assessment

Investigate and understand your systems

We perform a comprehensive system-of-systems analysis by grouping and mapping your major systems, processes, and interdependencies. This approach helps us understand how your IT and OT environments interact and enables us to identify common paths of entry that could be exploited to execute high-consequence cyber events. By identifying interconnected vulnerabilities, we provide a detailed view of your infrastructure, ensuring that both hidden and obvious attack vectors are thoroughly evaluated. This approach allows us to gain a deep understanding of your operational ecosystem, enabling us to recommend targeted strategies to strengthen your defenses.

Consequence-Driven Cyber-Informed Engineering Assessment

Develop detailed plans to execute adverse cyber events

Next, we develop detailed, consequence-based scenarios simulating adverse cyber events. These plans help your team visualize potential attack vectors, vulnerabilities, and outcomes, providing actionable insights into the most likely impacts. Our accelerated process includes practical, real-world scenarios to prepare your organization for the most severe events, all within a compressed timeline.


Consequence-Driven Cyber-Informed Engineering Assessment

Identify strategies to mitigate the consequences

We conclude the process by identifying the necessary short-term and long-term protections and mitigations to minimize or eliminate the impact of the identified events. Our recommendations are practical and actionable, ensuring that your team can implement them effectively. We focus on aligning these strategies with your organization's budget, resources, and regulatory requirements, providing a clear roadmap for building long-term resiliency.

Why Choose Us

Trusted Partnership Focused on You

We build long-term relationships based on trust and doing the right thing. We will take the time to understand your peoples’ needs, the intricacies of your business priorities, and the complexities of your operating environment.

Bridge Builders and Collaborators

Our diverse, high performing teams cross organizational silos to foster collaboration. Together, we can choose and develop the right long-term strategies to deliver sustainable results.

Tailored Assessment Based on Your Needs

Our consequence-driven assessment is fully customizable to fit your needs, budget, and requirements, ranging from a high-level, 2-4 week evaluation to an in-depth, 6 month+ analysis. Additionally, penetration testing can be added to increase technical depth and meet regulatory requirements, if required.

Unbiased, Expert Advisory

We serve as your independent, trusted advisor, offering unbiased recommendations and strategies aimed at improving your security posture and business outcomes.

Speak with Our Experts

CI-Discern

Charlotte, Washington DC, San Luis Obispo

Copyright © 2025 CI-Discern - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept