Assessment Services

Our Security Risk Assessment services have one clear goal: ensuring the objectives of your security program hit the mark every time. Risk assessments are tailored to the client’s unique needs utilizing qualitative or quantitative analysis of critical assets, relevant threats, and vulnerabilities.

What we do

Converged GAP Assessment / Remediation

A converged GAP assessment and remediation roadmap is possibly the most critical service every organization needs. We define and develop a baseline for your enterprise security posture that will improve your business resiliency and business efficiencies. A converged GAP assessment and remediation roadmap will enable you to identify ‘GAPS’ in your existing posture and plans, and work from the established baseline.

bSMART® is an applied solution for moving your organization from a current state to a future state of business resiliency and keeping it there. Applying the bSMART® methodology is a dynamic, real-time, metrics-driven process, not a static point-in-time analysis. Once it is established, you will be able to better focus corporate resources and energy on those areas that will produce your goals continuously and in the fastest manner.

Threat & Vulnerability Security Review

An expert “snapshot” qualitative analysis for clients requiring rapid, time-sensitive security improvement insights. These can be a current-state review of larger enterprise operations, or focused on specific areas such as guard operations, program organization, individual facilities, or Security Operations Centers (SOCs).

A vulnerability assessment works to improve security and life safety continuity and compliance postures and develop a more mature, integrated or converged security program. We encourage conducting cyber vulnerability assessments and physical vulnerability assessments together. Looking at one without the other is not a converged approach.

Site & Enterprise Risk Assessment

A full-scale qualitative and quantitative risk assessment that reviews every facet of an existing or planned security operation for the enterprise. Butchko goes beyond surface evaluations by incorporating multi-disciplined insights and recommended solutions to address the interrelation of security, safety, production, and enterprise operations and maximize reduction in enterprise risk. The team matches the right methodology to the client’s needs, ensuring alignment with the ISO 31000 international best-practice standard for risk management, and results that senior management values. We have experience working with multiple methodologies including API, AS/NZS 4360:2004, Sandia Labs, and ARM. We also work with internal corporate methodology for client Enterprise Risk Management (ERM) program continuity.

Information Security Assessment

What is the difference between cyber security and information security? Information security and cyber security are often confused. InfoSec is a crucial part of cyber security, but it refers exclusively to the processes designed for data security.

Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

Information Security Assessments are typically done to evaluate the current state of a network and the cyber security infrastructure tied to business processes. The assessment is fundamentally tied to your INFOSEC team, which is typically headed by an IT Director or Chief Information Officer (CIO). The methodology of the INFOSEC assessment ties to doing an internal and external vulnerability assessment and a network architecture review. This also applies to an understanding of general compliance requirements.

Cloud Architecture Assessment

Cloud services work best and are most cost-effective when they are highly optimized. Cloud services are a living operation that requires frequent attention and fine-tuning.

If your cloud environment has never been monitored after initial set-up, it is likely not meeting its full potential. Butchko is able to assess your cloud architecture and give recommendations to get the most out of your cloud environment.

Compliance Audits & Analysis

An independent survey and analysis of current-state security programs, policies and procedures. This is an objective review of an organization’s compliance with corporate or existing regulatory standards such as:

  • CFATS
  • ISPS
  • MTSA
  • DHS
  • US DOT
  • NERC-CIP
  • NIST
  • FedRAMP
  • GDPR
  • HIPAA
  • CMMC

Independent Technology & Vendor Assessment

A neutral, third-party expert analysis of current technology and vendors in the marketplace. This assessment ensures an unbiased, clear-eyed approach to vendor and product evaluation and selection, weighing benefit and cost.

CMMC Vendor Consulting

CMMC will be a large part of the near future for the government sector and the commercial spaces (especially for regulated markets such as Banking, Energy, Petrochemical, Education and Retail). Organizations are protecting themselves by creating web portals that require vendors to apply and answer rigorous questionnaires along the way. Vendors inexperienced with these difficult probes may be overwhelmed by the application process, which can range from products or services offered to compliance, level of experience, and references. Falsifying or misstating capabilities to get through the CMMC process and get a contract could lead to fines or criminal charges for corporate negligence.

ESI offers a commercial supply chain vendor qualification service in which our trained professional will guide you through the CMMC process as well as help you answer the questions you receive from your client. Supplying support documentation along with a letter of attestation is often the difference between winning a contract and being denied approved status for future projects.