Cyber Risk Assessment

Cromtec Cyber Solutions Risk Assessment Services are designed for clients with Governance, Risk Management, and Compliance (GRC) requirements who wish to develop a strategic plan to reduce risk.

This service is supported by our Cyber Security Assessment Services (CSAS). We help our clients by identifying risks at the organization, business or mission, and information system levels, then developing a strategy to measurably improve overall cyber security and mitigate risk to an acceptable level. This includes identifying relevant frameworks and selecting common controls. We support any requirements you have around FedRAMP, NIST 800-53, NIST 800-171, NIST CSF, 23 NYCRR 500, PCI DSS, GDPR, and the HIPAA Security Rule. Our risk assessment work includes:

  • Categorizing systems and establishing recovery objectives including data flows

  • Identifying critical business processes and supporting systems

  • Defining risk tolerance

  • Prioritizing investments

  • Evaluating enterprise architecture and general cyber security (using our CSAS) including vulnerability scanning, penetration testing, code review, configuration and patch management

  • Providing analysis of CSAS findings and developing a Plan of Action

Risk Assessment Support

Almost all compliance frameworks require a risk assessment to identify threats and vulnerabilities and to determine appropriate mitigation strategies. We tailor your risk assessment and provide action items to ensure you're not just checking boxes.

FedRAMP Preparation: We’ll develop all supporting documentation for Cloud Service Providers planning to undergo an assessment by a Third-Party Assessment Organization (3PAO), and support the organization through the audit process.

DoD Acquisition Requirements for Cyber Security (DFARS 252.204) Compliance: Our analysts are experts with a background and experience working for the Department of Defense and Federal Government. We’ll help you interpret and apply the controls effectively and document everything in a format that’s acceptable to suppliers, prime contractors, and government officials while protecting your information.

NIST Computer Security Resources: Whether your organization is looking at the Cybersecurity Framework, 800-53, or trying to implement a topic-specific NIST publication, our analysts recommend appropriate strategies for applying the guidelines to actually reduce risk.

HIPAA Security Rule: Often encountered alongside other requirements such as PCI DSS or GDPR, we help you understand how your current security strategy meets the HIPAA Security Rule and identify gaps to make sure your organization is fully covered for information protection and privacy.

PCI DSS: Our experts help you prepare for a QSA audit, or will assist with determining the appropriate SAQs and implementing the controls.

Technology Risk Assessment

Our technology risk assessment follows our Discovery Framework and serves to identify technological gaps in the business architecture. We employ our discovery analysts and collectors to provide fast and comprehensive discovery without the need for credentials or tap port access.

The technology assessment plays an important role in maintaining the security hygiene of the organization. We offer a broad range of services to protect infrastructure against internal and external threats. Our experts will analyze your architecture, develop a plan, manage the implementation, and perform ongoing life-cycle management and reporting.

These services include:

  • Security Infrastructure

  • Productivity Applications

  • Network Infrastructure

  • Servers / Cloud Computing

  • Rogue Device Detection