This cybersecurity risk assessment tool helps organizations understand the value of the data and information in their custody, comprehend how these valuable assets are used in pursuit of business objectives, recognize how well these assets are protected, and establish a practical plan to put the right level of cybersecurity in place.

We will listen to your business and cybersecurity concerns and work with you to develop a custom engagement to evaluate your cybersecurity posture, plan appropriate improvements, and, where it makes sense, help you along the journey:

  • Identify the data used in systems and business processes in your organization.
  • Assess your information security governance, management, training and awareness, processes, and systems in the context of the data sensitivity.
  • Develop a cybersecurity improvement roadmap of related people, process, and technology changes and projects that combines closing the biggest gaps first with pervasive controls.
  • Oversee and support the execution of the cybersecurity improvement roadmap.

With a business-driven approach, your management team will expand their awareness of the value of the data, information, and cybersecurity requirements necessary to protect and enable your business to succeed.

We will work with you to create a roadmap which will guide your organization towards adequate, reasonable, consistent, and effective cybersecurity controls over a reasonable period of time.

Our goal is to ensure you have confidence that your organization can rely on its data and systems to achieve business objectives. We will ensure that you have the tools you need to take appropriate action to protect your customers’, business partners’, and your organization’s information and important systems. This will help you more easily comply with regulations and meet customer requirements for doing business.


  • Threat: An event or activity that has the potential to cause harm to the information systems or networks
  • Vulnerability: A weakness or lack of safeguard, which may be exploited by a threat, causing harm to the information systems or networks
  • Risk: The potential for harm or loss to an information system or network; the probability that a threat may materialize
  • Identification: The act of a user professing an identity to a system, establishing user accountability for the actions on the system
  • Authentication: Verification that the user’s claimed identity is valid
  • Trusted Computing Base (TCB): The combination of protection mechanisms within a computer system that are trusted to enforce a security policy
  • Security Perimeter: The boundary that separates the TCB from the remainder of the system
  • Trusted Path: Allows a user to access the TCB without being compromised by other processes or users
  • Trusted Computer System: Employs the necessary hardware and software assurance measures to enable its use in processing multiple levels of classified or sensitive information
  • Security Kernel: The hardware, firmware, and software elements of a TCB that implement the reference monitor concept
  • Reference Monitor: A system component that enforces access controls on an object. An abstract machine that mediates all access of subjects to objects. The security kernel must:
      • Mediate all accesses
      • Be protected from modification
      • Be verified as correct
    • Vulnerability: A vulnerability is a characteristic (including a weakness) of a system, information asset, or organization that makes it susceptible to exploitation by a threat. Exploitation of a vulnerability causes harm to a system, information asset, or organization, and the business processes they support. The presence of a vulnerability does not cause harm in itself, as there must be a threat present to exploit it.
    • Threat: A threat is a potential cause of an unwanted event which may result in harm to a system, information asset, or organization. Threats may arise from all hazards, including natural disasters or accidental or deliberate human acts. Threats are characterized in terms of source (who or what causes the threat) and target (what elements of the system etc. may be affected by the threat) and are assessed in terms of the likelihood of their occurrence.