Types of Cyber Security, Compliance, & Risk Assessments
Sometimes compliance is the reason for looking into security. Other times, it's due to a recent breach - or hoping to prevent one. Whatever the reason, we've got you covered.
The type of cyber security assessment you need depends on your goals, and the cost will depend on the extent of the assessment process. The process for determining if you have all of the necessary security controls in place for compliance is quite different from the process of discovering if an outsider can penetrate your cyber defenses.
Network and IT Environment Risk Assessments
Find out if your security strategy is effective at mitigating cyber risks by testing your defenses and examining the tactics you have in place to keep intruders out. Get recommendations for building up your security layers, or validation that your IT team is up to date with security tactics and best practices.
Internal and External Vulnerability Assessments
Identify gaps that could allow intruders to enter your network from the outside and identify risk points that create vulnerabilities on the inside. Learn more about Vulnerability Assessments.
IT Environment and Best Practices Assessment
In addition to assessing internal and external vulnerabilities, this assessment includes a thorough evaluation of documentation and existing best practices. Learn about cyber security best practices.
Cyber Security Compliance Assessments
Find out if you’re translating regulations into appropriate technical and non-technical security controls. Get recommendations for how to close gaps and save costs on compliance.
CMMC Compliance Gap Analysis and Remediation
For organizations in the DoD supply chain that need Cybersecurity Maturity Model Certification. Learn more about CMMC gap analysis & assessments.
NIST Compliance Assessment and Remediation
For companies that want to follow an established security framework or provide security accountability to customers or vendors. Learn more about NIST assessments.
HIPAA/HITECH Technical Compliance Assessment
For organizations and their associates who handle personal health information.
PCI DSS Technical Compliance Assessment
For companies that handle and store credit card information.
4-Step Cyber Security & Risk Assessment Process:
The cyber security assessment process will be customized to meet your goals for compliance, confidence, or validation of your security posture. Some business leaders want their IT security assessment to proceed in stealth mode without the IT team’s knowledge. Others want their IT staff to be involved.
Compliance assessments require a significant amount of collaboration with your staff because the process will include a review of your non-technical as well as your technical security policies. This means that HR and department heads will need to be involved.
Whatever the security assessment, we’ll guide you through a process that has four general phases that encompass data discovery, analysis, report preparation and review.

Phase 1: Access and Document Gathering
You provide us with network access and documentation.
Depending on the type of assessment you need, we may install tools to execute scans or schedule interviews to assess policies and procedures. The scanning tools take time, so they'll run for a few days to a few weeks, depending on the size and complexity of your network.

Phase 2: Data Collection
Information is collected from the scanning software.
We’ll schedule a visit to your facility to learn about your processes, interview employees to assess secure behavior, and evaluate physical security as it relates to network access.

Phase 3: Report Preparation
Findings will be assembled in a Gap Analysis or IT Security report.
Recommendations for cyber security improvements will be included along with action items and priorities for next steps, so it's clear to the executives and stakeholders where the holes are and what needs to be done moving forward.

Phase 4: Delivery and Review
You'll get a high-level executive summary and detailed reports. We'll review them together and answer your questions.
You'll get a clear picture of your security posture and insights you can use whether you work with us in the future or not.
Typical Scope of Work for a Network & Cyber Security Assessment
We'll perform a comprehensive review of the following areas:
- Network Architecture and Protections
- Server Environment
- Workstation Management
- Inbound Firewall Configurations
- Outbound Firewall Configurations
- Evaluate Effectiveness of Patch Management Tools
- Evaluate Anti‐Virus and Anti‐Spyware Tools
- IT-Related Administrative Control Process Review
- Shared Permissions Review
- Internal Vulnerability Scan
- Anomalous Login Detection
- Security Policy Assessment
- Backup, Restoration, and Disaster Recovery Planning
- Physical and Environmental Security
How to Evaluate a Cyber Security Assessment and Compliance Provider
The company that you choose to conduct a cyber security assessment should have deep expertise in security. They should have professionals on staff who are 100% focused on security and keep up to date with evolving threats and tactics. They should also have established processes to discover and evaluate existing security and provide recommendations for closing security gaps.
When it comes to developing a plan of action based on your assessment or gap analysis report, you don’t just need technical expertise. You need professionals who can align security controls with your business operations, or give you ideas on how to change your business operations to be more security-minded.
Here are a few questions you can use in your conversation to evaluate cyber assessment companies:
- Do you have any third-party verification of your cyber security expertise?
- Do you have experience with compliance frameworks?
- What security measures do you have in place to ensure that your own company is secure?
How Much Does a Cyber Security & Compliance Assessment Cost?
Assessment services start at $3,499. Exact pricing depends on:
- Size and complexity of your environment
- How deep you want us to investigate
Fill out the form below to request an assessment and we'll put together a quote.
Not ready for a deep-dive? We also offer a FREE high-level, basic assessment. Why?
Because every business owner or manager deserves to know if there are any MAJOR gaps in their security. We'll discuss your current IT situation and your goals, then we'll provide recommendations. We may also run through a quick cyber security checklist, if necessary.
Learn more about cyber security by reviewing our Executive Guide to Cyber Security: Essential Information for Managing Business Risk
What to Do After Your Cyber Security Assessment
The purpose of getting an assessment of your security status is to see if you have gaps. The cyber security recommendations that you receive in your report may have some urgent tasks that you need to complete to lock down your systems fast, and others that will need some planning and investment.
Cyber security is a process that needs to be continually managed. One recommendation that may come out of your assessment is that you should consider an outsourced security partner to help you maintain security and compliance, especially if your IT department or IT support company is small.
Are You As Secure As You Want (or Need) to Be? Find Out For Sure
Unless you’re an expert in all things security, there’s no way that you’re going to know for sure if your company is adequately addressing the risks of cyber crime.
Schedule a meeting to talk to our cyber security and compliance experts so that we can learn about your situation and your goals, and provide a quote for an assessment that will reveal what you need to know.