Cyber Security Risk Assessment & Compliance Readiness
Cyber Security Risk Assessment: Controls-Based
Cosant's controls-based risk assessment evaluates an organization's risk from an industry-standard controls perspective. These controls are based on your target framework, including SOC 2, ISO, HIPAA, NIST, CMMC, FedRAMP and others.
For the risk assessment, we identify the organization's current security position relative to each of the security controls, including administrative, technical and physical controls. We identify and prioritize gaps and vulnerabilities, and recommend remediations on a mutually agreed-upon roadmap. The client is provided a risk register, remediation roadmap, and risk assessment report.
Cosant's controls-based risk assessment is a five-step process covering scoping, risk identification, risk analysis, risk evaluation, and documentation, and it involves all of the responsible personnel.
Cyber Security Risk Assessment: Business Process-Based
We lead the organization through a risk workshop to identify the 3 to 5 business-critical functions. These often involve revenue generation and customer enablement. Each business process is broken down into functional steps, and each step and the process as a whole are evaluated against the risk of disruption.
We identify the critical drivers (availability, confidentiality, and integrity) of the risk, and all of the responsible personnel. This leads to a business-centric identification of gaps and vulnerabilities, as well as an assessment of the financial and operational impact of a security breach. These are prioritized, and then remediations and a roadmap are identified to reduce critical risks.
Cosant's business process-based risk assessment evaluates an organization's risk based on the business's critical business functions.
Cyber Security Compliance Readiness
Cosant helps small and medium businesses establish a formal information security program to increase their security and (often) achieve compliance with customer and regulatory requirements. We provide security and compliance readiness services through a repeatable and proven process, including the following:
Risk Assessment and Roadmap
Policy and process creation and revision, including creation of all required security plans
*including system security plan, business continuity plan, incident response plan, vendor and third-party management plan, risk management plan, and patch management plan
Identifying gaps and advising your IT or MSP representatives in remediating all technical controls
Operationalizing the security plan
Support creating and organizing an audit-ready package
*including documentation, evidence, and audit support
Among the industry standards, Cosant supports SOC 2, CMMC, FedRAMP, HIPAA, HITRUST, ISO 27001, and others.
Virtual CISO
Cosant's vCISO service supports clients through cyber security leadership and expertise. In addition to providing C-level recommendations and guidance, Cosant represents the client to stakeholders, including clients, prospects, regulators, and the board of directors.
Penetration Testing
Cosant's penetration testing is focused on supporting our clients' security assessments to increase security and meet compliance and regulatory requirements. Penetration testing begins with a vulnerability scan and information gathering. Urgent high-risk vulnerabilities are immediately fed back to the client with remediation recommendations. Cosant then validates whether the identified vulnerabilities can actually be exploited and, where possible, escalates privileges to demonstrate the full impact of those vulnerabilities. Finally, Cosant documents all results of the penetration test and creates remediation recommendations for each vulnerability.
Upon completion, the client has two formal penetration test reports:
One customer-facing report, characterizing the scope, date, and high-level findings of the penetration test. This fulfills the client's compliance requirements and presents the client's security to third parties in the most favorable light.
A second, internal report that includes details of the identified vulnerabilities and a remediation roadmap. This report serves as a plan to address each vulnerability and thereby reduce the client's cyber security risk.