Cyber Security Roadmap Assessments

A cyber security roadmap assessment is a comprehensive, evidence-based approach to developing a strategy to improve your organization's cyber security. 

Within 4-6 weeks, you’ll have a set of prioritized cyber security initiatives that are tightly aligned with your organization’s operations, strategy, technology, and staff, designed to lower your risk of cyber attacks and enable you to demonstrate to prospects, clients, donors, beneficiaries, and other stakeholders that you take cyber security seriously.

At the end of the assessment, we’ll deliver an interactive report, a concise set of recommended initiatives, actionable security vulnerabilities, and details on suggested next steps.

Then, you can choose to implement the initiatives on your own, with an existing partner, or through a partnership with our team.

How Does It Help Your Organization?

  • Take an inventory of your organization’s cyber security gaps and existing capabilities

  • Understand the security posture of your key third party service providers and contractors

  • Demonstrate your current and planned cyber security capabilities to prospects and customers who are increasingly including cyber security requirements as a part of their contracts

  • Reduce the long-term cost of cyber security efforts by having an improvement strategy made up of prioritized, defined-cost initiatives

  • Achieve greater buy-in from leadership and individual contributors for cyber security initiatives

  • Elevate the success rates of security initiatives to increase organizational resiliency against attacks

  • Align technology and security initiatives to support your organization as it grows; having a unified IT/security strategy leads to better outcomes and lower costs compared to buying security tools piecemeal without a broader strategy

  • Lower cyber insurance premiums by having best practices in place

How Does It Work?

  • Security Workshops

    We kick things off by leading security workshops with key organizational stakeholders and third parties, designed to evaluate your organization’s security posture compared to best practices aligned with the NIST Cybersecurity Framework (CSF). This framework is used by organizations worldwide to design evidence-based cyber security strategies.

  • Staff Security Assessment

    Next, we conduct a staff security assessment, designed to understand how prepared your staff is to identify and prevent cyber attacks. We run a phishing attack simulation, perform dark web monitoring of your organization’s email addresses, and administer a cyber security knowledge assessment to staff.

  • Productivity Suite Compromise Assessment

    Then, we carry out a productivity suite compromise audit that uncovers active issues in your Google Workspace or Microsoft 365 tenant and flags misconfigurations that pose a serious risk to your organization’s security.

  • App Security Assessment (Optional)

    For organizations that have custom applications, we also offer an optional assessment of the app and the software development supply chain, designed to uncover vulnerabilities in both the application and the process used to develop the application.

Who Is Involved?

  • The best outcomes require a cyber security champion at your organization. If your organization is large enough, the traditional security champion can be the CIO, CTO, or CISO. Otherwise, they are typically a director-level staff member who may have other responsibilities in their role, but generally owns IT-related activities. The cyber security champion helps us coordinate with staff across the organization as well as third party stakeholders.

  • Workshops with key leadership stakeholders are critical to helping us align cyber security roadmap initiatives with the organization's strategic goals. These discussions give us insight into the organization’s direction and help us ensure that security initiatives are in alignment with the organization’s operations.

  • We will need to hold workshops with a handful of staff members who work throughout the organization and use technology as a core part of their role. These conversations give us insight into how different parts of the organization leverage technology to achieve their goals and help us understand the impact of security initiatives.

  • Third parties are a key group of stakeholders who are absolutely essential for us to meet. Understanding your organization’s relationships with vendors, contractors, and other partners is critical to helping us understand the risk between your organization and third parties. We initially engage third parties with a cyber security questionnaire to understand their security posture before holding a workshop to dig deeper.

What Are The Outcomes?

  • A clear, evidence-based roadmap that provides your organization with specific recommendations for how to invest in cyber security improvements. Use it with us, with your own organization, or with another vendor. It’s standards-based and portable.

  • A clear understanding of staff’s preparedness and ability to respond to and protect your organization from attacks.

  • Detailed recommendations for improving the security of your organization’s productivity suite and guidance on what actions to take if it is actively compromised by an attacker.

How Long Does It Take?

The cyber security roadmap assessment takes between four and six weeks, depending on the size of your organization, technology complexity, and number of third parties. 

How Much Does It Cost?

Pricing starts at $5,000 for small organizations and increases based on an organization’s size and complexity. Special pricing is available for nonprofits, B Corps, and 1% for the Planet members.

How Can I Learn More?