Information Security

& Privacy Assessments

Affordable CyberSecurity and Privacy assessments for Small to Medium Business

Our team can help you assess your current Information Security and Privacy Controls to ensure that you are doing your due-diligence in managing your corporate risk profile. We will work with your staff to set the expectations, understand the requirements, and develop an assessment against industry best practices, as well as peer businesses. If any gaps or vulnerabilities are discovered, our team will document these as well as steps to remediation.

Listed below are our most popular assessments:

If you wish to discuss any other type of Information Security Governance, Architecture, Operational assessment please contact us for an appointment.

CyberSecurity Maturity Assessment

An Infosec Maturity Assessment is a two week engagement to assess your Information Security practice against the ISO 27002 industry standard controls. (read more...)

During this engagement, we will conduct interviews with your staff, from HR, Compliance, Audit, Legal, Corporate Communications, Information Security, Privacy, Developers, and IT Operations.

We will assess the current level of understanding, documentation, and implementation for the various standard Information Security controls.

The deliverable is both a technical as well as an executive document and presentation detailing your current Information Security Program's maturity profile across the various controls and base-lined against your industry peers.

Threat Risk Assessment (TRA)

This is a 2-3 week engagement to analyze your network operating systems and applications for vulnerabilities, examine potential threats associated with those vulnerabilities, and evaluate the resulting security risks. (read more...)

The level of threat is determined from the potential for any natural, human or environmental source to trigger or exploit any identified vulnerability.

The risk assessment looks at both the probability of that threat occurring, and the impact on both system and organization should it occur.

The deliverable is both a technical as well as an executive document and presentation detailing your current Threat/Risk profile across your infrastructure. Where vulnerabilities have been identified, we will provide a list of remediation options: quick wins, short term goals, and investments required - placed on a potential roadmap.

Privacy Impact Assessment (PIA)

This 2 week engagement will assess your current privacy controls in place to protect the Personally Identifiable Information of your Employees, Vendors, and Clients. We will base the assessment on the current Canadian PIPIDA fair information principles. (read more...)

A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. It can also help to avoid or lessen possible negative effects on privacy that might result from a program or service.

The deliverable is both a technical as well as an executive document and presentation detailing your current Privacy controls, and their effectiveness as implemented. Where gaps are identified, we will provide a list of remediation options: quick wins, short term goals, and investments required - placed on a potential roadmap.

Privileged Access Assessment

This 2-4 week engagement will review your current Identity and Access Management program, specific to Privileged Access Management. The engagement will consist of a series of interviews across IT Operations. (read more...)

Between interviews, a review of your Standard Operating Procedure documentation, and a network based discovery, we will enumerate and classify your existing Privileged Access accounts (both user and service accounts). We will document the controls that are in place for these privileged accounts, and identify any gaps and/or risks in the existing controls and processes. This assessment will look at the application of administrative accounts (Domain admin, local admin, root equiv, etc) for on prem, in the cloud, and remote (3rd party vendor access).

The deliverable is both a technical as well as an executive document and presentation detailing the current use of Privileged Access across your organization including gaps and risks. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Network Architecture Assessment

This 1-2 week engagement is an in depth architectural review of your overall corporate network architecture. This is a vendor agnostic assessment, looking for control points and functional processes in place. (read more...)

Based on Industry best practices, and leveraging NIST guidelines, we will review each security control and its associated processes for completeness and effectiveness against your stated Risk Appetite.

The deliverable is both a technical as well as an executive document and presentation detailing the effectiveness of your current architectural controls and any gaps identified. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Cloud Architecture Assessment

This 1-2 week engagement is an in depth architectural review of your overall cloud infrastructure architecture. This is a vendor agnostic assessment, looking for control points and functional processes in place. (read more...)

Based on Industry best practices, and leveraging guidelines from the Cloud Security Alliance, we will review each security control and its associated processes for completeness and effectiveness against your stated Risk Appetite specific to your chosen Cloud Service Provider.

Cryptographic Controls Assessment

This 3 week engagement will assess your use of cryptographic controls to secure Intellectual Property in transit as well as at rest across your corporate network, as well as in the cloud. (read more...)

We will assess your X.509 (SSL/TLS) certificate management controls and processes for discovery, creation, renewal, and revocation both internally and externally (Self Signed and Commercial/ On prem and in the cloud) across all platforms: Windows, UNIX, MainFrame, Network Appliances, Database, File Systems. We will assess your SSH keypair management controls and processes for discovery, creation, renewal, and revocation across all platforms (on prem and in the cloud): Windows, UNIX, MainFrame, Network Appliances, Database, File Systems.

The deliverable is both a technical as well as an executive document and presentation detailing the effectiveness of your current cryptographic controls to protect data in transit as well as at rest and any gaps identified. A list of remediation options will detail quick wins, short term goals, and investments required - placed on a potential roadmap.

Let us know how we can help

your small business!