Security Assessment FAQs

What type of a Return on Investment (ROI) does a Security Assessment provide to an Organization?

There are many types of ROI that a Security Assessment Service provides:

Insurance Savings- Most Internet Insurance Packages provide a big discount for companies that regularly have security audits. You might be able to pay for the Security Assessment Service simply from the savings in insurance dollars.

Call Us at (844) 973-6837.

Due Diligence- Have you done everything possible to mitigate or prevent a Security Incident? If you have third-party assessments and are correcting the discrepancies, you are demonstrating Due Diligence.

Regulatory- We help your organization comply with your regulatory environment and, let’s face it, regulators are not fun people to deal with. We can serve as your buffer and provide you with the right advice and policies to prove to the regulators that you are demonstrating Due Diligence and Best Practices.

Data Loss- We are not puppet masters, and we cannot prevent individuals in your organization from losing or stealing data, but we sure can identify weak areas and systemic problems and come up with strategies to prevent it from happening to you.
We will do this through Policy Guidance, Technical Testing, Social Engineering and Exploitation Exposure.

Reputation- If you do have a Cyber Security “Incident,” what happens to your business reputation?
Will you lose Clients?
Will you lose funding?
Is it worth not doing your Due Diligence?

Money- Guess who loses in a Data Breach: your customer or your patient? Yes, they do lose somewhat. But when the rubber meets the road, who do you think they are going to come looking for? Enough said.

Why Topgallant Partners?

First of all, we have the accreditations: our Team Members are Certified Information Security Professionals (CISSP), Certified Ethical Hackers (CEH), and Certified Cisco Network Engineers. We build our Teams based on the workload and the specific requirements for your organization.
Secondly, we are experienced and deliver the whole package. Our Network Assessment Packages include:

  • A Structured Interview Process
  • Facility Security Review
  • Policy Guidance and Policy Templates
  • Vulnerability Testing
  • Penetration/Exploitation Testing
  • Security Awareness Training
  • Social Engineering
  • Customized Documented Deliverable
  • One Year Telephone/Mail Consultation Services

Do we have to purchase all the services?

We discount packages, but everything is available à la carte.

What is the difference between a Vulnerability Assessment and a Penetration Test?

A Vulnerability Assessment determines whether a known published exploit has been identified for that particular version of software, but does not exploit the vulnerability.

A Penetration Test exploits the vulnerability, which usually results in some kind of action, such as a Denial of Service or a Remote Command Shell on the exploited device.

What is the General Timeline?

Lead time needed to get an engagement scheduled and started with Sample Q1/Q2 dates/ranges available.
It really depends on our workload. Generally Q1 is our slowest time of year, so the schedule is open for March; after that, we just need to schedule.

General Timeline of each phase of the engagement
Phase I- ½ Day On-Site, 1 to 2 Days Off-Site
Phase II- 3 Days On-Site
Phase III- 3 Days Off-Site

General Timeline of delay between phases
There is really no delay between phases. Our methodology is to complete the entire Assessment within a maximum of three weeks.

Post engagement timeline to completion of deliverable.
Once the first three phases are complete, we should have the “final draft” deliverable to you in seven business days.

Payment schedule/terms
Terms are net 15 due upon delivery of “final draft.” Final is delivered upon receipt of payment.

Do you charge for Travel and Expenses Separately?

Yes, but we bill actual expenses and we do fly coach.