
centrexIT Cybersecurity Risk Assessment Overview

KB00048048
Josh Hohbein | Procedure | 1 min
Published v2

This is an overview of our Cybersecurity Risk Assessment professional services engagement offering.

CSOC


Please refer to the attached Cyber Risk Assessment Workflow for a visual map of the process that further guides this procedure.

  1. A request will be made to the Director of Client Success (Grant) and the Information Security Lead (Josh).
  2. Once the client agrees and signs the quote, a Kickoff call will be scheduled with the client, the Director of Client Success, and the Information Security Lead.
  3. After the Kickoff call, the client profile will be created and set up in the tools used in the assessment, and environment credentials will be provided, or alternatively a shared remote session will be performed.
     • i. Current tools used are N-Central, Liongard, ShieldCyber, and Breach Secure Now.
     • ii. The Information Security Lead will contact CS to set up the client in N-Central and prepare deployment packages.
  4. Credentials will be saved in 1Password.
  5. Once credentials are verified, or alternatively a shared remote session happens, CS will deploy an N-Central agent to, at minimum, the domain controller server(s); deploying to all servers is recommended, up to 100 endpoints per engagement.
  6. N-Central will push out a Liongard agent to the domain controller server(s) and a ShieldCyber agent to all endpoints covered in the engagement.
     • iii. Liongard will have information on any or all of the following, depending on the engagement: website/domain, SSL/TLS certificates, M365/Google Workspace, and firewall/switches.
     • iv. ShieldCyber will provide vulnerability assessments on the endpoints it is deployed to, identity protections on the Active Directory environment, and an external vulnerability scan.
     • v. Breach Secure Now will perform a dark web scan on the client's domain and can send out a one-time phishing campaign, depending on the engagement.
  7. The Information Security Lead (Josh) will also hold a security questionnaire interview with the client POC to go over CMM controls and document what is in place.
  8. Using the information provided in the interview and the reports from the tooling, the Information Security Lead will begin to compile the results into a final report.
  9. The Information Security Lead may submit project requests to the design desk as necessary, to be used as a budgetary roadmap in the final report.
  10. A Week 2 progress call will be held with the Information Security Lead, the Director of Client Success, and the client POC(s) to provide an update and go over any outstanding items or issues.
  11. Results will be compiled into a final report PowerPoint (Executive Summary deck), and a final report meeting will be scheduled with the Information Security Lead, the Director of Client Success, and the client POC(s).
     • vi. The client will receive the following deliverables:
        • vii. Gap Analysis Report (contained in the final PowerPoint)
        • viii. CAPA Roadmap and budget (contained in the final PowerPoint)
        • ix. Executive Summary overview of key findings and critical requests (contained in the final PowerPoint)
        • x. A compiled PDF of all raw data output reports from the various tools.
  12. All tools deployed to the environment will be removed, credentials will be deleted, and client profiles set up in the tools will be removed after the deliverables are provided, unless the client wishes to move forward with an NRR/MRR engagement with centrexIT. In that case, the Director of Client Success will take over the transition and the tools pertaining to the engagement will remain, while unneeded tools and credentials will be removed, and documented proof of removal will be provided.