Security Risk Assessment

As part of your organization's Business Continuity Plan process, a Security Risk Assessment should be performed every year or two. Knowledge is power: if you don't know where your organization's security posture stands, you cannot know what to remediate, what you are aiming at, or what you don't yet know about.

A Security Risk Assessment clearly lays out your strengths and deficiencies and recommends remediation steps. Many compliance frameworks (HIPAA, for example) require a documented risk assessment and a remediation plan, reviewed on a regular (typically annual) basis.

An Imagine IT small business Security Risk Assessment typically runs around $3,000. Large or complex organizations might require a larger assessment. The assessment process looks like this:

  1. 45-minute onsite interview with the CEO.
  2. 90-minute onsite interview with IT staff (if any; otherwise with the CEO and primary contact).
  3. Review of user and security policies, and of applicable compliance requirements.
  4. Physical audit of the technology infrastructure.
  5. Internal and external vulnerability scans.
  6. Temporary Intrusion Detection System deployment.
  7. Phishing email test.
  8. Reports presentation:
    8.1. Executive summary.
    8.2. Detailed findings and data.
    8.3. Remediation recommendations.

Please reach out to your Account Manager if you would like more information about Security Risk Assessments.