"I believe that a business should succeed or fail based on merit - not because of unidentified risk."
Ron Dahlgren, President
Our auditing services provide a clear view of your organization's risk landscape. We offer a framework for an ISRM program to align your organization's operations with its desired risk appetite.
Auditing is our focus at RIS. Our professionals can tune our auditing services to fit your specific needs, whether they are driven by regulatory requirements or by a desire to better understand your risk landscape.
Our audit product incorporates controls from over thirty frameworks including the NIST CSF, DHS CDM, ISO 27002:2013, and FFIEC CAT. You can feel confident that our audit product will have you in compliance with today's best practices as well as tomorrow's regulations.
This service identifies, classifies, and characterizes vulnerabilities in your organization's information systems. Misconfigurations, outdated software, and complex remediation steps can lead to vulnerabilities in an organization. Our vulnerability assessment includes detailed reporting, customized for your needs, along with remediation steps and control suggestions.
We use industry-standard tools to conduct our initial data collection. Each data point is then evaluated by a professional to determine the scope and validity of the identified issue.
You can always expect to get the relevant information and background data. Our reports are executive-friendly in the front, detailed in the back.
Penetration testing provides a clear understanding of the actual risk facing an organization and the possible impacts. Vulnerabilities or misconfigurations previously identified are validated and their impact explored.
You identify the scope and goals of the operation.
- Hacker simulation
- Data exfiltration
- Password strength checks
We can take on the role of threat actors identified during previous threat modeling in order to give you the most realistic results possible.
The human factor will always be the weakest link in your defenses. Phishing and other social engineering techniques are the primary way that attackers achieve access to an organization.
Social engineering testing is designed to measure the interaction of employees across three primary metrics:
These ratios, along with a variety of other data points, are collected to provide you with granular information about your workforce. These key performance indicators can be tracked over time in a test, train, repeat cycle to harden your organization against these attacks.
Training is available as a one-time event, across multiple sessions, or as a full SE program.