Security Risk Assessments

A Security Risk Assessment identifies the risks in your company, your technology, and your processes to verify that controls are in place to safeguard against security threats. Our team uses the Top 20 CIS Controls when evaluating your risk posture, as well as any industry-specific compliance regulations.

Basic CIS Controls

1. Inventory and Control of Hardware Assets

2. Inventory and Control of Software Assets

3. Continuous Vulnerability Management

4. Controlled Use of Administrative Privileges

5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

6. Maintenance, Monitoring, and Analysis of Audit Logs

Foundational CIS Controls

7. Email and Web Browser Protections

8. Malware Defenses

9. Limitation and Control of Network Ports, Protocols, and Services

10. Data Recovery Capabilities

11. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches

12. Boundary Defense

13. Data Protection

14. Controlled Access Based on the Need to Know

15. Wireless Access Control

16. Account Monitoring and Control

Organizational CIS Controls

17. Implement a Security Awareness and Training Program

18. Application Software Security

19. Incident Response and Management

20. Penetration Tests and Red Team Exercises