Cybersecurity Gap Assessment

Make big improvements to your new cybersecurity program, fast.

Everyone starts somewhere. Our cybersecurity gap assessments use our in-house Fractional CISO BASIC control framework specially designed to help rapidly improve new and maturing cybersecurity programs.

Identify the highest-leverage security improvements for your business.

I want to improve my cybersecurity posture, but…

Kickstart your cybersecurity program with 20 high-quality cybersecurity controls. We’ll help you implement and formalize a fully functional cybersecurity program that covers the full lifecycle of security: Govern, Identify, Protect, Detect, Respond, Recover. 

Start with a gap assessment, not the whole framework. Our 20 controls map directly to SOC 2 requirements, so the work you do with us will lay the foundation for your program.

Focus on cybersecurity controls that actually move the needle. We designed Fractional CISO BASIC around controls that provide the most important security functions. Once you’ve done these 20, it’s a lot easier to know where to go next.

What is a cybersecurity gap assessment?

A cybersecurity gap assessment is a type of evaluation that compares your existing cybersecurity program to an established set of controls in order to identify “gaps” – the components your program is missing but needs in order to meet a certain goal.

Key Outcomes of a Gap Assessment

Once complete, a gap assessment makes it easy to plan the cybersecurity program improvements that fill those gaps. A quality gap assessment provider will also help you implement the missing controls and create a long-term cybersecurity plan.

Gap Assessment vs. other Security Evaluations

Gap assessments are often confused with risk assessments, penetration tests, and audits. Each type of evaluation performs a different role. Cybersecurity risk assessments identify and evaluate all of the risks a business faces. Penetration tests are simulated attacks conducted by white hat hackers to find weaknesses in a security environment. Audits are used to validate the presence and performance of a given cybersecurity control.

Process

How our Gap Assessment Services Work:

01 Network and Infrastructure Evaluation

  • Collect information about the network and infrastructure to build an understanding of the IT environment
  • Finalize the Fractional CISO BASIC gap assessment control set

02 Gap Assessment

  • Distribute an internal questionnaire to the client team
  • Gather evidence about control implementation and usage
  • Interview staff to determine adherence to existing security policies and processes

03 Security Program Implementation

  • Deliver the Gap Assessment Report with findings and recommendations
  • Implement new controls to bring your program into alignment with the control set
  • Write policies and procedures that support control implementation

The Fractional CISO Formula for Quality

What makes Fractional CISO different?

Team Approach

With Fractional CISO, you aren’t just hiring a consultant. You’re leveraging a highly accessible U.S.-based cybersecurity team, consisting of an experienced Virtual CISO and a skilled cybersecurity analyst, to run your SOC 2 program.

Quantified Decision Making

No two businesses are built the same. Would cookie-cutter guidance be enough for you? We quantify the cyber risks facing your business to ensure your SOC 2 program actually addresses your cybersecurity risk and doesn’t just check a box.

Zero Conflicts of Interest

Many Virtual CISO providers and SOC 2 consultants receive commissions or finders’ fees when they recommend certain tools to their customers. We only recommend tools if they’re right for your business and take no kickbacks, ever.

What is Fractional CISO BASIC?

Fractional CISO BASIC (Base Analysis for Security Information Controls) is our own cybersecurity framework. It features 20 high-value cybersecurity controls that are foundational for every cybersecurity program. The 20 controls are mapped to the NIST Cybersecurity Framework (CSF).

Why did you make your own cybersecurity framework?

We found that none of the so-called “beginner” cybersecurity frameworks were useful for new and rapidly improving cybersecurity programs. Even CIS Controls Implementation Group 1 – the easiest one – has 56 controls, and not all of them may apply to every business. Our 20-control framework is designed to be broadly applicable and approachable.

Does Fractional CISO BASIC map to SOC 2?

All of Fractional CISO BASIC’s controls are necessary for major cybersecurity compliance frameworks, such as SOC 2 and ISO 27001. For companies pursuing SOC 2 or ISO compliance for the first time, we find these 20 controls help them formalize their cybersecurity program and build the muscle needed to become compliant. No controls have to be re-implemented, either.

Succeed at SOC 2

Download our free ebook:

5 Things to Know for Your First SOC 2

Ready to improve your security program?

Contact Our Team to Schedule a Consultation

Do you have any questions about cybersecurity you’d like us to answer?

Is your Cyber Insurance really going to cover you?

Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.

To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. eastern time. Bring your questions!

New Release: Free SOC 2 eBook!

Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.

Learn:

  • How to scope your SOC 2 project
  • How to estimate the cost and length of your SOC 2 project
  • How to prepare for your SOC 2
  • How to succeed in your SOC 2 audit period
  • How to leverage your SOC 2 report to enable your business and sales