Focused Breadth or Depth
Using our standard assessment methodology, we offer security assessments in both “rapid” and “deep” formats. We’ll work with the client to determine what level of depth or breadth makes most sense for a given situation and budget. The “rapid” assessment involves a lighter level of analysis than the “deep” assessment, with fewer questions and follow-up interviews on any given domain. However, the rapid assessment will still capture the critical points of analysis for the domains covered, based on our consultants’ expert experience.
During engagement scoping, we’ll learn what security or compliance perspectives should drive the assessment. Based on the need, we can quickly create a focused assessment of any area we cover. For example, our GDPR Readiness Assessment covers security domains concerned with privacy and data protection, as well as the organization’s business relationships and drivers.
As with comprehensive assessments, we can conduct focused assessments against the NIST Cybersecurity Framework, ISO 27001, COBIT, or a combination, using our deep expertise and library of over 400 security controls to produce tailored interview questions and evaluation criteria. After conducting a series of interviews and rolling up the results for client review, we generate a draft report, take comments, and provide a final report.
Focused assessments include a gap analysis against known good practices and a preliminary improvement roadmap. After an assessment, we offer an optional support package through our trusted adviser program, or the work can flow forward into an architecture engagement.