Enterprise Security Audit (ESA) Service

Our Enterprise Security Audit simplifies cyber defense

The Enterprise Security Audit removes the guesswork and tells you exactly what actions you need to take to improve your cyber defenses. After we audit your cybersecurity posture, we provide you with prioritized and proven steps to reduce your risk of a cyber incident. Our ESA is based on the Top 20 Critical Security Controls from the Center for Internet Security.

Many cybersecurity organizations will gladly run a “security scan” and then deliver a lengthy, incomprehensible report. While this may satisfy a compliance requirement, it does little to actually ensure the security of your network. Cybersecurity extends through multiple domains. We understand all of the areas involved and work with your team to ensure a comprehensive assessment for all of your cybersecurity needs.

The Enterprise Security Audit (ESA) is an audit of IT operations from a cybersecurity perspective. It is based on the Center for Internet Security Critical Security Controls.  In many ways, it is much like a compliance check for HIPAA, PCI DSS, FISMA or any other regulation.  However, it is possible to be compliant with a given regulation and still not be secure.  It is our goal to help you become as secure as possible in relation to your risk tolerance by offering a document review of your organization’s processes, policies and procedures.

The ESA is crucial for a secure environment. Without documented procedures, little confidence exists that critical items are covered at all or covered consistently by personnel. Documentation helps with compliance and also acts as a catalyst to identify deficiencies with technologies, processes, and personnel.

The ESA is a critical first step towards achieving a secure and mature enterprise environment.  We recommend this service first.

The Top 6 Basic CIS Controls can prevent approximately 90% of attacks.

Our ESA covers the Top 20 Critical Security Controls, but focuses on the Top 6 Controls, known as the Basic CIS Controls. Roughly 90% of attacks are successful because organizations do not have a grasp on these Top 6 Critical Security Controls. These first six controls help develop immediate and effective defenses against threats of cyber-attack.  These controls consider the following questions:

  1. Do we have hardware assets inventoried? Do we know how systems are interacting with each other?

  2. Do we know what software is running (or trying to run) on our systems and networks?

  3. Are our Vulnerability Management and mitigation practices cyclical, effective and commensurate with the threat landscape?

  4. Are we limiting and tracking the people who have the administrative privileges to change, bypass, or override our security settings?

  5. Are we using secure configurations for hardware and software on all organizational assets?

  6. Are we collecting, maintaining, monitoring, and analyzing our audit logs?


How would you score with a checkup on the Basic Critical Security Controls?

The people, processes, and technologies should all be assessed to ensure you have a cybersecurity posture appropriate to your risk tolerance. Many organizations focus on the technical aspects of cybersecurity and ignore the policies, processes, and procedures.  Our ESA helps identify deficiencies in these areas.

In addition to making you more secure, our ESA Documentation Review helps you with documentation required for compliance audits, such as PCI DSS, HIPAA, NIST, and FISMA.

After our ESA you will have in your hands a prioritized list of recommendations that are based on real and timely threat intelligence, rather than antiquated best practices.  Our report removes the "fog of more" and simplifies the steps required to achieve a secure environment.

What you get / Deliverables

You get three items:

  1. ESA Report

  2. ESA Report Findings Review with your team via an online session

  3. Discounted Rerun Option for a rerun of the ESA after you fix identified problems

Sample graph from the ESA Report, showing the Critical Security Control compliance breakout by category

1. ESA Report

After the ESA is completed, we provide a comprehensive findings report that outlines the areas you need to fix to improve security. The Enterprise Security Audit Report is used to identify areas in your enterprise environment that can be improved by the implementation of the Critical Security Controls.  Included within this report are scorecard results, helpful examples, recommendations, and an appendix of references.  Overall, the report provides a baseline from which you can improve your security posture using tangible steps in a prioritized, risk-based manner. 

2. ESA Report Findings Review

We schedule an online session with you where we walk through the report with your team and answer any questions about the findings, our methods, or the steps required for remediation. Many competitors deliver a confusing, lengthy report at the end of the engagement for you to decipher. Our ESA report review adds tremendous value because we can clarify findings and remediation steps.

3. Discounted Rerun Option

How do you know the steps you took to fix our ESA report findings actually met the audit requirements? Validation removes the guesswork. When you're ready, after addressing the issues identified in the ESA report, we offer a deep discount to rerun the ESA audit. This is a crucial and often overlooked step in this process. Validating documented processes, procedures, policies, and security controls is extremely important. We have discovered numerous organizations that thought they fixed a finding we identified, only to discover after another audit that the finding was still there.

Interested in knowing how effective your current cybersecurity controls are? Want to improve the security of your environment with tangible steps that remove the guesswork?

Contact Us or use the ESA Information Request form to find out more about the ESA or schedule an ESA.