Cybersecurity Services All our cybersecurity assessment services are structured engagements leveraging a variety of self-assessment questionnaires (SAQ) and internal control questionnaires (ICQ).

Cybersecurity Risk Assessments

A materialized threat is a risk. Risk is the possibility of something adverse happening that will impact confidentiality, availability and/or integrity of critical information assets. Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level and maintaining that level of risk. Risk management involves risk assessment and risk mitigation. Primary objective of risk analysis is to determine cost-effective safeguards or controls that will reduce risks to an acceptable level. Our approach to risk assessment is based on ISO 27005 and ISO 31000 Risk Management Standards.

HIPAA Compliance and HIPAA Risk Assessments

Security Rule § 164.308(a)(1)(ii)(A) of HIPAA compliance requires that orgnanizations must perofrm a risk analysis. The purpose of a risk assessment is to identify conditions where ePHI could be disclosed without proper authorization, improperly modified, or unavailable when needed. The outcome of risk assessment information is then used to make risk management decisions on whether the HIPAA-required implementation specifications are sufficient or what additional addressable implementation specifications are needed to reduce risk to an acceptable level.

The HIPAA compliance assessment is performed using guidelines as prescribed in the Security Standards for the Protection of Electronic Protected Health Information (the Security Rule). The HIPAA assessment report includes a comprehensive and detailed list of findings and recommendations regarding the implementation of Administrative, Physical, and Technical Safeguards as prescribed by the HIPAA Security Rule.

Identity and Access Management Assessment

IAM assessment utilizes a proprietary framework to evaluate organization’s current IAM maturity by conducting series of onsite workshops to review current business drivers and priorities. Our risk-based methodology leverages capability maturity model to assess current capabilities. Outcome of the engagement provides an assessment report with a capability maturity model and roadmap definition based on key business drivers and organizations priorities. A typical engagement is a combination of onsite workshops and data collection and offsite analysis, report generation and presentation.

IAM Gap Analysis and Readiness Assessment

Whether an organization is implementing a new IAM solution or migrating from an existing one; home-grown or swapping vendors, IAM gap analysis and readiness assessment will address the common pitfalls that are often overlooked. Our structured risk-based assessment methodology helps define an optimum approach to a successful implementation roadmap. Outcome of the engagement provides a detailed gap analysis heat-map index scorecard, roadmap definition and a readiness report. A typical engagement is a combination of onsite workshops and data collection and offsite analysis, report generation and presentation.

Identity Governance Gap Analysis and Readiness Assessment

Today’s organizations are dealing with various regulatory compliance challenges pertaining to identity governance and entitlement certification. An automated solution could address the current shortcomings. However, value proposition of such solution is often fully not materialized due to lack of readiness to make the required transition. Our structured risk-based assessment methodology helps identify the gaps and readiness before embarking on automation. Outcome of the engagement provides a detailed gap analysis heat-map index scorecard and a readiness report. A typical engagement is a combination of onsite workshops and data collection and offsite analysis, report generation and presentation.

Zero Trust Assessments

Zero Trust as a concept is gaining momentum, in particular, CISOs are treating Zero Trust as another tool in their took-kit to improve cybersecurity. The concept of Zero Trust revolves around creating an architecture. Whilst such an architecture is predominantly technology focused and addressed as an organization-wide initiative, a more realistic approach should be risk-based and asset specific. The premise of Zero Trust is to assume breach of trust. The Zero Trust assessment is performed using a proprietary framework to examine current practices around Zero Trust and identify gaps based on defined risk-based framework best practices.