ProactiveRISK, ​helps enterprises gain operational command of their security posture and the security posture of their third-parties through continuous, non-intrusive monitoring. ​The  company’s approach to security focuses on identifying vulnerabilities from an outside perspective, the same way a hacker would.  Critical data points include Application Security, Malware, Patching Cadence, Network Security, Hacker  Chatter, Social Engineering, and Leaked Information and more.

Can You Measure Your Tech Risk? We can.

STEP #1 PICK YOUR PREFERRED FRAMEWORK

• NIST CSF is used by organizations that operate critical infrastructure and other private-sector businesses. However, the best practices apply to a range of organizations of varying sizes across all industries.
  • NIST 800-171 -  Guidelines for protecting government-controlled unclassified information
  • NIST 800-53​ - Security and Privacy Controls for Federal Information Systems and Organizations.​
• Cybersecurity Maturity Model Certification (CMMC) – A Department of Defense verification mechanism to ensure appropriate cybersecurity practices and processes are in place to ensure basic cyber hygiene and protect controlled unclassified information (CUI).
• California Consumer Privacy Act (CCPA) – Privacy rights and consumer protection for residents of California.
• The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)

​

• American Bar Association Formal Opinion 477R - In the context of electronic communications, lawyers must establish policies and procedures, and periodically train employees, subordinates and others assisting in the delivery of legal services, in the use of reasonably secure methods of electronic communications with clients. 
• Payment Card Industry Data Security Standards (PCI DSS) – Information security standard for organizations that handle branded credit cards from the major card schemes. 
• New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies 23 NYCRR 500.
• Health Insurance Portability and Accountability Act (HIPAA) (including Omnibus Rule) – ensures equal access to specific health and human services and protects the privacy and security of health information.
• International Organization for Standards (ISO 27001) – Information technology security techniques 
• Top 20 Cyber Controls – Compilation of the most critical cybersecurity controls from the Center for Internet Security V8
• Technical Due Diligence - Not a Framework.... but tech due diligence includes an evaluation of the target’s tech strategy, product and/or services, IT architecture and infrastructure, IT processes and security, tech organization and software development lifecycle and the tech financials. 

OVERVIEW OF THE PROCESS - Click Here

---

STEP #2 SCHEDULE YOUR CONSULTATION

CONTACT US

STEP #3 MEASURE your PEOPLE, PROCESS AND TECHNICAL controls

---

STEP #4 establish the MATURITY SCORe based on policy, procedures and active controls

STEP #5 REPORTING

We present a third-party report on your technical maturity to the compliance framework with a list of prioritized recommendations.

---

STEP #6 OPTIONAL REMEDIATION

Our expert-level team will work closely with your organization to guide you in implementing a comprehensive, layered defense system to protect your most valuable assets

PRICING

Description	Cost
Remote Questionnaire and Evidence Based Assessment	$Call
Onsite People, Process and Technical Control Review	$Call
Attack Surface Analysis	$Call