A Strategic Remediation Plan (a.k.a. Roadmap) lays out desired cybersecurity initiatives in a timeline that reflects realistic project schedules and organizational priorities.

This is an exercise that demonstrates the firm is proactively interacting with its vendors to gauge their cybersecurity maturity and calibrate the risk that each vendor poses to the firm.

Cybersecurity Awareness Training covers a broad set of concerns regarding proper handling of sensitive information, removable media, phishing, social media, social engineering, privacy, and acceptable use of IT resources.

Governance refers to the task of collecting sufficient evidence to demonstrate that the firm is following its own policies. Compliance is concerned with being able to prove regulatory compliance requirements are being satisfied.

Whereas IS Policy Gap Analysis is concerned with informing strategic planning for Information Security Policy improvement, Information Security Policy Consultation refers to the task of defining and implementing policies.

Information Security Policies are the standard means by which management expresses their expectations about organizational behavior as it relates to meeting certain goals.

A Network Architecture Security Review is a structured investigation into network design and configuration to discern any security flaws. It includes segmentation, firewall rules, VLAN configuration, resiliency, and access control.

Application Security Testing involves testing the security of an application's authentication, authorization, input validation, and data storage to identify weaknesses that can be used to exploit the application in ways that the designers did not intend.

Physical Penetration Testing involves pre-approved attempts to gain unauthorized access to IT assets through Social Engineering methods such as impersonation, imposters, confidence tricks, and malicious IT devices.

A Cybersecurity Risk Assessment (CRA) provides a comprehensive review of how well current operations are supporting information security.

External Network Security Testing involves scanning public internet facing assets such as servers, network devices, and websites to discover cybersecurity vulnerabilities.

Internal Network Security Testing involves scanning internal LAN assets such as servers, network devices, and web-applications to discover cybersecurity vulnerabilities.