Make Risk-based Decisions
RiskAcuity™ Risk Assessment
Fast, no-fluff risk assessment. What do you have? Where is it? What is the risk to the business if something bad happens to it? Our high-resolution quantitative scoring system ensures that high-risk items float to the top and low-risk items sink to the bottom. Once the risks are scored, we provide recommendations for resolving each one, then assign a level of effort to resolve the issue. This provides an automatically prioritized list that can drive your cybersecurity strategy for the next 18 months. A typical assessment requires one day onsite and is complete within a week.
RiskAcuity™ Deliverables
Simple Security Score: A 1-100 score indicating your security program’s current level of maturity. Learn more.
RiskAcuity™ Report: Executive report that provides a simple overview of critical business risks & resolutions.
Threat & Risk Matrix: A comprehensive security risk assessment that maps the critical data points:
- which data you have
- where it lives
- every threat identified for each asset
- risk score for each threat
- recommendation for how to reduce each risk
- level of effort score for recommended remediation
- prioritized list of recommended actions
Resolution Plan: A documented strategy with a concise, prescriptive plan and timeline for resolution of critical business risks over the next four quarters. The resolution plan can serve as the basis of an 18 month cybersecurity strategy.
RiskAcuity™ Briefing: Board-level review of the RiskAcuity™ Report with Q&A, led by one of our principals.
Maturity Assessments
We can help you gauge your security program’s level of maturity with a Maturity Assessment. We offer two types of maturity assessments:
Simple Security Score
- Provides a 1-100 score and a target score based on how critical cybersecurity is to your business
- Use it to understand your program’s current maturity
- Use it as a benchmark for future progress
- Included with our RiskAcuity™ Risk Assessment at no additional cost
- A typical assessment requires one day onsite and is complete within a week.
NIST Cybersecurity Framework
A comprehensive maturity framework published by NIST and designed specifically for companies that are part of the US critical infrastructure. This framework can be used by small businesses, but is more appropriate for companies with highly mature cybersecurity programs and companies that are part a nation’s critical infrastructure, such as power companies and other utilities.