Information Security & Privacy Assessments

Affordable CyberSecurity and Privacy assessments for Small to Medium Business

Our team can help you assess your current Information Security and Privacy Controls to ensure that you are doing your due diligence in managing your corporate risk profile. We will work with your staff to set the expectations, understand the requirements, and develop an assessment against industry best practices, as well as peer businesses. If any gaps or vulnerabilities are discovered, our team will document these as well as steps to remediation.

Listed below are our most popular assessments:

If you wish to discuss any other type of Information Security Governance, Architecture, or Operational assessment, please contact us for an appointment.

M&A Cyber Risk Assessments

Depending on the regulatory requirements and the size and complexity of the target company, we offer three levels of Cyber Risk assessments for M&A activities:

 

Bronze

  • Information Security Program Maturity Assessment
  • Infrastructure Security Controls from the Internet
  • Infrastructure Security Controls from Internal Access
  • Discovered Network Attached Assets List


Silver

  • Information Security Program Maturity Assessment
  • Infrastructure Security Controls from the Internet
  • Corporate Website / Client Portal Security Controls
  • Infrastructure Security Controls from Internal Access
  • Remote Access / 3rd Party Access Controls (VPN & B2B)
  • Asset Management Assessment

Gold

  • Information Security Program Maturity Assessment
  • Infrastructure Security Controls from the Internet
  • Corporate Website / Client Portal Security Controls
  • Infrastructure Security Controls from Internal Access
  • Cloud Based Services Infrastructure Controls (IaaS, PaaS)
  • Cloud Based Services Security Controls (SaaS)
  • Industrial Controls Security - IoT/IIoT/SCADA/ICS
  • Remote Access / 3rd Party Access Controls (VPN & B2B)
  • Asset Management Assessment
  • Breach Readiness Assessment
  • Dark Web Assessment

To find out more, click here --> M&A Assessments

CyberSecurity Maturity Assessment

During this engagement, we will conduct interviews with your staff, from HR, Compliance, Audit, Legal, Corporate Communications, Information Security, Privacy, Developers, and IT Operations.

We will assess the current level of understanding, documentation, and implementation for the various standard Information Security controls.

The deliverable is both a technical as well as an executive document and presentation detailing your current Information Security Program's maturity profile across the various controls and baselined against your industry peers.

Threat Risk Assessment (TRA)

The level of threat is determined from the potential for any natural, human or environmental source to trigger or exploit any identified vulnerability.

The risk assessment looks at both the probability of that threat occurring, and the impact on both system and organization should it occur.

The deliverable is both a technical as well as an executive document and presentation detailing your current Threat/Risk profile across your infrastructure. Where vulnerabilities have been identified, we will provide a list of remediation options: quick wins, short term goals, and investments required - placed on a potential roadmap.

Privacy Impact Assessment (PIA)

A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. It can also help to avoid or lessen possible negative effects on privacy that might result from a program or service.

The deliverable is both a technical as well as an executive document and presentation detailing your current Privacy controls, and their effectiveness as implemented. Where gaps are identified, we will provide a list of remediation options: quick wins, short term goals, and investments required - placed on a potential roadmap.

Privileged Access Management - PAM

Privileged Access Assessment

Between interviews, a review of your Standard Operating Procedure documentation, and a network-based discovery, we will enumerate and classify your existing Privileged Access accounts (both user and service accounts). We will document the controls that are in place for these privileged accounts, and identify any gaps and/or risks in the existing controls and processes. This assessment will look at the application of administrative accounts (Domain admin, local admin, root equivalent, etc.) on-prem, in the cloud, and remote (3rd party vendor access).

The deliverable is both a technical as well as an executive document and presentation detailing the current use of Privileged Access across your organization including gaps and risks. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Network Architecture Assessment

Based on Industry best practices, and leveraging NIST guidelines, we will review each security control and its associated processes for completeness and effectiveness against your stated Risk Appetite.

The deliverable is both a technical as well as an executive document and presentation detailing the effectiveness of your current architectural controls and any gaps identified. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Cloud Architecture Assessment

Based on Industry best practices, and leveraging guidelines from the Cloud Security Alliance, we will review each security control and its associated processes for completeness and effectiveness against your stated Risk Appetite specific to your chosen Cloud Service Provider.

The deliverable is both a technical as well as an executive document and presentation detailing the effectiveness of your current architectural controls and any gaps identified. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Cryptographic Controls Assessment

We will assess your X.509 (SSL/TLS) certificate management controls and processes for discovery, creation, renewal, and revocation both internally and externally (self-signed and commercial; on-prem and in the cloud) across all platforms: Windows, UNIX, Mainframe, Network Appliances, Database, File Systems. We will assess your SSH keypair management controls and processes for discovery, creation, renewal, and revocation across all platforms (on-prem and in the cloud): Windows, UNIX, Mainframe, Network Appliances, Database, File Systems.

The deliverable is both a technical as well as an executive document and presentation detailing the effectiveness of your current cryptographic controls to protect data in transit as well as at rest and any gaps identified. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Let us know how we can help your small business!