A Complete Information Security Risk Assessment

We cover the full scope of NIST 800-53, plus an assessment of your Active Directory and, if you use cloud services, your AWS, GCP or Azure/365 environments.

Assess the security of your company.

Use the Information Security Program Plan to turn it into a Fortress!

Comprehensive Assessment

Audit your People, Processes and Technologies, all in two weeks. 

We will share more about the process and people parts of the assessment lower on this page.

What's in the technical Information Security Risk Assessment

For starters, the full depth of NIST 800-53 v5. 

Then we will move on to your cloud services: Microsoft 365, Azure, AWS, GCP and others. 

We will end the Assessment with an audit of your Active Directory, if you use it in your environment. 

  • Active Directory Attacks Mitigation
  • Audit Policy Settings
  • Access Control
  • Security Event Log Settings
  • Domain Administration Practices
  • Identification and Authentication
  • Weak password usage by regular users
  • Weak password usage by Admin users
  • Domain Admin escalation paths
  • Stale objects
  • Trusts
  • Anomalies
  • Old Authentication Protocols
  • Pass-the-Credential Vulnerabilities
  • ACL Checks
  • Golden Ticket Vulnerabilities
  • System and Information Integrity
  • Delegation Checks

Our Assessments are also Consulting sessions for you and your team

Our Auditors go beyond just asking questions. 

We explain why we asked the question. 

Then we share the kinds of risks you might face by implementing the security controls or not implementing them. 

And if relevant, we also share our experience in mitigating those risks with other clients. 


Hacker-centric Risk Assessment

Hackers don’t care if you are compliant with SOC 2, NIST, ISO 27001, PCI or HIPAA.

You might have a wall of certificates and they could still come in, take everything they need and leave unnoticed.

In fact, this happens all the time. 

Our assessment focuses on the methods hackers use to get in. 

The mitigation advice you will receive in the end is focused on preventing real-life threats and attacks. 

AD Security Consulting - Included!

During the assessment, take the opportunity to ask questions and get them answered by our security experts. 

Every point mentioned in the “what is included” above can become a discussion topic and we will tell you all we know about potential defense strategies. 

Take notes!


Let's discuss your Active Directory security

Have questions?



Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.

This service will also provide the company with a cybersecurity risk assessment and improvement plan, but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner.


The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers.

In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.


You’re embarking on a more active lifestyle, having chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.

After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.