Cybersecurity Risk Assessment
Our comprehensive cybersecurity risk assessment is for organizations looking to gain visibility into the cybersecurity-related risks in their IT environment. This evaluation provides insight into the overall security posture of an organization and encompasses a number of other services provided by CITSAP, such as Governance, Vulnerability, Application Security, Infrastructure Assessments, etc.
Executing a Cybersecurity risk assessment is a foundational requirement in the establishment of an effective cybersecurity program. This review provides more visibility into the nature and types of risks faced by the Organization through an assessment of the processes, systems and technology used by the company in order to develop a prioritized plan for remediation and alignment of the IT objectives with the Organization’s goals.

Cloud Security Risk Assessments
Leveraging industry standards and frameworks, we evaluate our clients' risk and the adequacy of their controls around the use and adoption of cloud computing services.

Third-Party Risk Assessment
Vendors continue to pose a high risk to data security and operational resilience. As such, the goal of this program is to implement or evaluate your framework around third-party risk identification, assessment, remediation, and periodic monitoring.


Web Application Security Assessment and Penetration Testing
Our team can provide the needed expertise to help you identify potential security vulnerabilities that can be exploited by adversaries to gain unauthorized access to your web applications, and highlight recommendations for remediating identified gaps.
In the last few decades, externally facing web applications have become a primary channel that organizations use to execute their day-to-day operations and interface with their clients, customers, business partners, etc. This gateway is also targeted by bad actors as a point of unauthorized entry into the corporate network for data exfiltration and other nefarious activities. Most organizations have poorly implemented security controls over their web applications, which makes it easy for attackers to exploit identified vulnerabilities. Consequently, web application security assessment and penetration testing are necessary to help identify such vulnerabilities.
The assessment is performed against several best practices including the OWASP Top 10 security risks such as Cross-site Scripting (XSS), SQL Injection, Broken Authentication and Session Management, Insecure Direct Object References, Cross-site Request Forgery, Security Misconfiguration, etc.

Infrastructure Security Assessment
Our review of the infrastructure on your network goes beyond a review of IT general controls in the environment, to providing a more detailed assessment of the configuration and security controls within your key network devices (firewall, router, SIEM, IDS/IPS, etc.), databases, operating systems, etc. that provide the platform your mission-critical and business applications run on.

IT Regulatory Compliance and Readiness Assessment
We provide readiness assessment services and evaluation of your cyber security programs against requirements outlined by various regulations and industry standards such as NYDFS, HIPAA, HITRUST, ISO 27001, and more. At the completion of the assessment, our consultants will provide a written report outlining the current state evaluation and improvement opportunities.


Vulnerability Assessment
Cyber Security Program Assessment


IT Risk and Controls Self-Assessments (RCSA) Program Development & Maturing Assessment
A robust RCSA program can be an effective tool for estimating operational risk exposures and the effectiveness of controls in reducing identified risks to an acceptable level.