Risk Assessments
Assessment services are designed to help you understand your current exposure to cyber security threats and to prioritize any investment needed to reduce your risk to a level that you deem to be acceptable for your business. Assessments are guided by industry-standard frameworks, but tailored to your specific needs. Risk assessments should be undertaken at least annually, and may take as little as a day or as much as a month depending on the specific needs of your business.
Common assessment frameworks include:
- SOC 2
- HIPAA
- DSS
- CIS Critical Controls
M&A Due Diligence
Due diligence services are tailored to each specific M&A opportunity and the needs of investors, but generally include at least:
- Risk assessment against the CIS Critical Controls, including other frameworks such as HIPAA where needed
- Analysis of the risk potential of inheriting toxic or compromised assets from an acquisition
- Roadmap for recommended future investments, especially those that may impact the deal structure
Testing
RVA Cyber provides basic technical testing services including:
- public IP scanning for open ports and services
- analysis and testing of physical access controls
- analysis of vulnerability scans
RVA Cyber also partners with preferred and vetted companies that specialize in penetration testing if full internal or external penetration testing services are needed.
vCISO
RVA Cyber offers Virtual Chief Information Security Officer (vCISO) programs that are tailored to each client but generally include:
- ongoing management of a company's administrative controls program (policies and procedures)
- cyber insurance applications, negotiations, and cyber incident response
- IT disaster recovery and general business continuity planning
- testing of plans through tabletop exercises