Cybersecurity Current State Assessment

Gain actionable insights through an independent current state assessment


Structured evaluations to know where you stand
 

To reach your goal, you need to know where to start. That’s where our current state assessment comes in: structured, project-based evaluations against a chosen standard, framework, or regulation.

During the assessment, we review your security policies, practices, and procedures to uncover gaps between where you are and where you need to be. Once those gaps are identified, we create a prioritized roadmap with clear, actionable steps to close them and help you make measurable, concrete improvements to your security.

Our current state assessments are short-term and focused. The process begins with documentation review, interviews, and, when needed, process walkthroughs. Our independent experts bring deep regulatory and technical knowledge to measure your current state against the requirements of relevant security standards, frameworks, or regulations.

We examine your organization’s security management practices, the controls you have in place, and your ability to protect mission-critical functions and assets against modern cyberattacks.

“Findings presented in clear language to secure buy-in and drive real change.”

To give you clarity and a strong foundation for improvement, we offer our current state assessment as one comprehensive package. At the end of the project, you will receive a detailed report outlining gaps between your current security posture and your compliance objectives, a prioritized roadmap of achievable and impactful activities to close those gaps, and a presentation tailored for senior leadership or financial decision-makers.

With this combination of deliverables, your organization will be set up to make meaningful improvements to your security operations. Most assessments take between 10 and 25 days, depending on the target regulation or framework and organizational complexity.

If you are budget-constrained, our consultants are happy to help define a scope for the assessment in a way that focuses your resources where they count the most – making improvements to your security.

Whether you’re trying to implement the latest ISO or NIST standard, or you’re grappling with the impacts of recent legislation like NIS2, DORA, or the CRA – we can help you find a clear path forward toward your primary goal: better security.

 

Domains

Our advisory services cover a wide range of security frameworks, standards, and regulations. While each framework, standard, and regulation is distinct, there is often significant overlap in requirements and core principles.

We have the capability to support our clients with many common security frameworks, standards, and regulations, but our consultants regularly work in the following domains.

Regulations are laws or rules created by government authorities to control or manage security.

  • NIS2
  • DORA
  • CRA
  • CER
  • EU AI Act
  • GDPR
  • NYDFS 500

Frameworks and standards establish a common method of approaching security in a systematic way.

  • ISO 27001
  • NIST CSF
  • IEC 62443
  • SOC2

Our consultants are always eager to build expertise in new areas. If you are working on implementing a framework or standard that isn’t listed above, just reach out, and we will be happy to help you with your security transformation journey.

 

Q&A: Current State Assessment 

When do I need a Current State Assessment?

Our Current State Assessment (CSA) is ideal when you’re uncertain about your compliance with new regulations or what’s required to meet your next security objective. If you’re facing regulations like CRA, NIS2 or DORA, seeking budget approvals for improved security, or just need visibility as a new CISO, our CSA can help shine a light on your current security posture.

What do I get from a Current State Assessment?

You’ll receive a report detailing your current security practices, a prioritized roadmap for improving those practices, and a presentation for senior leadership or financial decision-makers to help fund those improvement efforts. This output is specifically designed to guide and support your security improvements over the next year or two.

Can you help me choose suppliers?

We can help build criteria or define a process for supplier evaluation, but we don’t partner with or recommend suppliers. The final call is yours.

How long does an assessment take?

It can vary, depending mostly on the size of your organization and the standard, framework, or regulation you’re looking to align with. Most organization-wide assessments take between 10 and 25 days, but we can adjust the scope to meet your budget.

 


Identify and prioritize security gaps

Gain deep insights into your security posture with a structured assessment that identifies gaps, prioritizes actions, and sets a clear path forward for success.

Align stakeholders around security priorities

Receive a board-ready presentation to help secure leadership support in driving meaningful change in your security program.

Optimize security spending to maximize impact

Leverage our consultants’ offensive security expertise to identify realistic risks and effective mitigations so your resources are assigned where they will make the biggest impact.

Future-proof your security practices

Use expert analysis to prepare for security regulations such as NIS2, CRA, DORA or NYDFS and strengthen your security strategy for the long term with confidence.

Four simple steps to engage with our experts

Each step of our process is designed to make working with us easy and straightforward while giving your company a strong cybersecurity posture that adapts to new threats.

01 Scoping

Using our extensive experience, we’ll quickly understand your needs. Together, we’ll define the goals and scope of the project to ensure those needs are met with our proposed solution.

02 Delivery

Our security experts conduct extensive security assessments following industry best practices and standards.

03 Reporting

We share detailed findings, contextualizing the risk to the application, the wider solution, and the business as a whole.

04 Feedback

Get recommendations to mitigate risks and prioritize fixes. We can also help verify that the issues are fixed.


Our accreditations and certificates

NCSC CCSS CREST CREST CSIR NCSC PCI QSA NDV

Don’t be a stranger, let’s get in touch.

Our team of dedicated experts can help guide you in finding the right
solution for your unique issues. Complete the form and we are happy to
reach out as soon as possible to discuss more.
