Cyber Security Risk Assessment

What is included in a Cyber Security Risk Assessment?

Discovery Consultation. An in-person or Zoom consultation attended by You and one of Our representatives in which we ask a series of discovery questions to familiarize ourselves with Your hardware, software, equipment, network, IT system, configuration, infrastructure, products and processes constituting Your IT environment (Your “IT Network”). Discovery consults are typically 30-60 minutes in length.

Install Remote Access Tool. Following the Discovery Consultation, We will install a remote access software that allows Our team to access and scan your network for malware and vulnerabilities.

Scan for Personally Identifiable Information (“PII”). PII refers to any data that can be used to identify an individual. Examples include your addresses, email, phone numbers, IP addresses, banking credentials, login IDs, account details and more. Our scans determine where personal and sensitive data is located and what it contains so that we can make recommendations as to how you can ensure compliance and avoid breaches or loss.

Scan for Exposure to Known Vulnerabilities. We use trusted scanning engines to perform a vulnerability scan of your servers, cloud systems, websites and endpoint devices, in order to identify cybersecurity weaknesses in your digital infrastructure and make recommendations as to what steps You may take to avoid costly data breaches.

Scan Equipment and Compare with CIS/NIST Standards for Security. CIS/NIST benchmarks are a set of best-practice cybersecurity standards for a range of IT systems and products developed by cybersecurity experts and industry research institutes. Our review analyzes whether Your IT Network is in line with the recommended baseline configurations to ensure compliance with industry-agreed cybersecurity standards.

Run Phishing Test. In this test, We create simulated phishing emails and/or webpages to be sent to You without advance notice, in order to determine Your security weaknesses. These simulated attacks are designed to help You understand the different forms a phishing attack can take and its identifying features, and to help You avoid clicking malicious links or leaking sensitive data in malicious forms. An overview of the test results with suggestions for improvement will be provided in the Risk Assessment Report.

Perform Dark Web Scan. Our dark web scan checks the dark web for your information among lists of stolen data, such as usernames and passwords, Social Security numbers, and credit card numbers. This data is usually stolen during data breaches and is bought and sold on the dark web. If we discover your data on one of these sites, our report will advise you of the necessary next steps to protect your organization and data in the future.

Run Software as a Service (SaaS) Scan. This scan allows us to scan Your network perimeter, identify potential threats relating to SaaS solutions currently in use, and provides a report of possible security risks.

Evaluate Equipment and Infrastructure. We take a detailed look at your hardware and infrastructure to identify vulnerabilities and bottlenecks such as outdated hardware and equipment, connectivity and integration problems, and other issues that prevent Your IT Network from running at its highest uptime potential. We will make recommendations for troubleshooting network elements that cause inefficiency, or may recommend a complete network overhaul if necessary.

Present Results and Recommendations. We will provide You with a Risk Assessment Report outlining the findings of the risk assessment, including an executive summary and detailed reports of the scans performed. You can use this Risk Assessment Report to make strategic decisions on managing the identified risk moving forward. Our recommendations will include tasks and items which in Our opinion are required to bring the Environment up to the standards recommended by Us. We will also make a recommendation as to the monthly reoccurring services to maintain the environments security and provide for quick and safe recovery in the event of a breach or issue.

Our Process – The Data Gathering: The CyberSecurity Risk Assessment



Cost and Time Requirements: It takes an average of 10-14 business days to complete a cybersecurity risk assessment. Cost of $1500 for first 15 devices, then $100 for each additional device (server or workstation). We have a 15 device minimum for all risk assessments.

Limitations on Services. The above Services consist solely of the analysis of Your IT Network with the purpose of identifying risks and ultimately recommending an ongoing managed service plan to mitigate those risks going forward. The Services involve no additional work such as repairs, installation of hardware or software, troubleshooting of issues, hardware/equipment repair or management, cybersecurity services, or any other tasks related to managing Your IT Network or preventing, mitigating, repairing or responding to issues with Your IT Network. Any services not specifically listed in this Agreement require the execution of a separate Master Service Agreement (MSA) between You and Us, along with any applicable Statements of Work and Service Schedules detailing the scope, liability allocations and payment terms.
Why is a timely cybersecurity risk assessment review meeting important?

 Time is not a friend of most assessments as things or results can change rapidly. As result aging, they can lose their relevancy. On top of this, our assessment staff may need to redo the assessment (labor) if too much time passes (30 days is the normal limit from the start of the assessment process). Most review meetings are scheduled 7-14 days after the start of the cybersecurity risk assessment.

Something came up, how many times can we reschedule?

 We understand things can happen. Due to the time sensitive nature of a cybersecurity risk assessment, we provide 1 reschedule as a courtesy. The rescheduled appointment should be no later than 7 days from the original date of the cybersecurity risk review meeting. On the 7th day, the timer for your credit promotion will begin. 

What happens if the time limit passes (30 days and later)?

The assessment credit is lost and a new assessment will need to be completed. The new assessment will be bound by the same timeliness requirements of the original assessment. 

How does my assessment credit change as time goes on?

As time passes, your credit will lessen. The schedule is as follows: 100% credit of cyber security risk assessment costs if service agreement is signed within 72 hours of risk review, 75% credit within 7 days, 50% credit within 14 days, 25% credit up to 30 days and no credit if after 30 days.

Fill out the form below to schedule your Cyber Security Risk Assessment


Print Friendly, PDF & Email