Information Security & IT Risk Assessment
This comprehensive assessment not only measures where an organization “should be.” It also determines exactly where an organization “is” and provides a clear plan for how to improve.
Why an Information Security & IT Risk Assessment?
Gone are the days of overwhelming, boring risk assessment reports. Gillware’s approach clearly lays out what your organization should prioritize with clear direction of how to get there. Building upon the Red Flag Cybersecurity Risk Assessment, our full assessment offering evaluates more than 170 different areas of your organization’s information security landscape to cover your bases.
The resulting deliverable is a no-frills explanation of what’s most pressing as well as a clear outline of what projects, and potentially resources, you need to improve.
You don’t have a cookie-cutter business, so why would you want a cookie-cutter assessment?
We evaluate your organization’s industry, size, technological usage, and current environment in order to provide an accurate “model” that you can strive for.
A Comprehensive Deep-Dive
You don’t need us to tell you information security is complex. Our team eliminates the headache of determining what to assess and what’s important.
We have decades of experience helping organizations improve their information security posture through our tried-and-true assessment.
The Information Security & IT Risk Assessment will equip your team with the game plan you need to make substantial, and necessary, improvements.
We cross-reference your current level of resources with your largest vulnerabilities and show you how to solve problems without breaking the bank, or taking up your valuable time.
What’s Included in our Information Security & IT Risk Assessment
External Exposure Assessment
Determine the level of public exposure, and the number of services exposed, through our in-depth evaluation of public-facing Internet hosts and services.
We investigate and test applicable web-based applications for vulnerabilities, as well as scour several information sources to uncover if any domain names, public addresses, email addresses, or previously compromised usernames and passwords are affiliated with the organization and pose any harm to operations or reputation.
We work closely with our clients on this thought exercise to evaluate the business, data, and technical landscapes in order to pinpoint the “threat actors” most likely to interfere with day-to-day operations.
The likely threats and the respective methods of attack, informed by our incident response work, are detailed so clients can build the appropriate defenses.
We analyze the threats presented in the Threat Assessment to determine how likely the threat is to present itself, and the impact of a successful attack for the organization. The impact level is determined by how significantly the confidentiality, integrity, and availability of data and services would be affected in the event of an attack.
This analysis informs the action plan necessary to address some of the most imminent threats to the organization.
Model Organization Development
Gillware develops a model of an organization with the same threat, risk, business, and technical aspects but which has reasonable and appropriate information security maturity levels. This detailed model acts as a target and goal for the organization. At a high level, Gillware outlines the primary focus areas to reduce the most immediate risks to the confidentiality, integrity, and availability of their data, services, and systems.
Information Security & IT Risk Assessment
We perform an in-depth examination of your organization and examine the current maturity of the Information Security Program. We analyze documentation, interview key personnel, and conduct technical testing following an appropriate sampling methodology.
Once complete, we then identify areas that are high risk, but also lower in maturity compared to the “model” organization that is similar to yours. These high-risk, low-maturity areas are what your organization needs to focus on to reduce your risk. Simply attacking them independently and one-at-a-time, however, is not effective – down that path lies the “whack-a-mole” problem. Hence, a roadmap (more below) is developed to find efficiencies and strategies to maximize risk reduction and minimize disruption and cost.
12-Month Roadmap Development
The overarching strategy in developing the roadmap is to reduce risk while being as efficient as possible in terms of disruption and cost and, where possible, enhancing your IT department’s ability to deliver its services. All of this, in turn, enhances your organization’s ability to achieve its objectives.
We favor automated solutions
When developing the roadmap and making suggestions on solutions or products to close the gaps, Gillware favors automated mechanisms. This minimizes additional overhead (or preferably reduces overhead) for IT departments while providing assurance that they are running and working effectively.
We look for ways to leverage a single solution to address multiple needs
This requires taking a step back and looking at the entire list of areas requiring remediation, as well as the workload challenges being experienced by your IT department. It is likely that a single clever solution can address the needs of many high-risk/low-maturity controls while reducing the workload of the support and administrative teams.