
Why Your Organization Needs a Cyber Security Assessment

20 January 2015

Academia, Employee Training, Financial Services, Healthcare, Non-Profit, Policy Development, Risk Management

In today’s always-connected world, organizations are becoming more and more reliant on their IT systems to run major parts of their operations. Today, you’re just one data breach away from being a leading story on the news and social media, which can severely damage your reputation and brand.

That’s why you need to begin thinking about performing an annual cyber security assessment, just like the annual financial audit performed by your accounting firm.

An assessment identifies your most significant vulnerabilities, so you can target opportunities for improvement that offer the highest return on investment. Some organizations embark on a program to strengthen their security infrastructure without first performing a comprehensive assessment. That’s a mistake. They risk misallocating resources and failing to address their most critical vulnerabilities.

Cyber security assessment findings are the key “inputs” of a security project plan/roadmap that will strengthen your organization’s infrastructure and provide the highest return on investment.

A thorough cyber security assessment evaluates an organization’s technology, policies and employee awareness. We have found significant, critical vulnerabilities in at least one of those areas in every assessment that we have performed.

In fact, the latter two areas — policies and employee awareness and training — are often the weakest links in organizations and the areas that can be most cost-effectively addressed.

Yet many organizations never perform an assessment at all. Why? There is a common misperception that assessments are:

  • Cost prohibitive.
  • Disruptive to the production environment.
  • Best performed by internal resources.

All three of these are incorrect. Assessments can be very affordable and can be performed in a phased approach to further reduce the impact to your financials. In some cases, your cyber insurance premiums may be reduced, which will offset some or all of the cost of the assessment.

Nor do cyber security assessments need to disrupt productivity. Most of the testing and data collection can be done without any impact.

Finally, while internal IT staff may be extremely capable network administrators, they often lack the in-depth security knowledge and experience necessary to perform a comprehensive audit. And even if they have the technical know-how, the advanced tools necessary to comprehensively analyze a network are often cost-prohibitive for an organization to purchase. An external, objective assessment gives you access to experienced professionals equipped with the latest advanced tools, and the informative assessment they produce will be the foundation of a security roadmap.

COMPASS’ methodology combines disciplined project management with the latest cyber-security technology and data-protection best practices to perform comprehensive and cost-effective assessments.

Find out how to protect your institution. Read our Cyber Security Assessment Checklist to discover everything an assessment should cover. Then contact COMPASS to learn more about our methodology and service offerings, and how they can help your organization develop a robust cyber security ecosystem.
