Cybersecurity Check-up

Get a check up to lower your exposure

The Calvetti Ferguson cybersecurity check-up is a light-touch look into your IT environment and is normally completed in a few days. The cybersecurity check-up allows management to have a useful glimpse into how they are handling common risks to the company’s IT environment. This solution helps management identify areas in need of improvement, as well as areas where it might make sense to take a deeper dive. Our high-level examination is customizable and scalable to accommodate the unique needs of organizations of all sizes, complexities, and industries. Our proprietary methodology is based on NIST Cybersecurity Framework (CSF), NIST SP 800-53 r5, and COBIT 2019. 

The cybersecurity check-up is designed to assist organizations in:

  • Understanding their current security posture

  • Assessing their exposure to common vulnerabilities and threats

  • Making a preliminary evaluation as to the design of controls currently in-place

Our clients receive valuable insight into areas where they might be carrying significant risks, a preliminary evaluation as to the quality of controls in place, and detailed recommendations to help their organization improve.

The check-up is primarily focused on the areas of:

  • IT governance
  • Logical and physical security
  • Change management
  • IT operations
  • Problem management
  • Incident response
  • Business continuity
  • Disaster recovery
  • Third-party risk management

Our cybersecurity check-up process

Stakeholder meeting

The cybersecurity check-up begins with a collaborative meeting between stakeholders and the Calvetti Ferguson technology risk team to better understand your business and technology environment.

Process owner interviews

We then interview relevant process owners to understand the current state of systems, processes, and controls in order to identify potential vulnerabilities and threats, and work to determine “what could go wrong”.


We will present your organization with an assessment that provides management a high-level overview of your current security posture, identifies gaps in your internal control framework, and recommends remediation strategies on how to address those items.

Opportunities for improvement

Additionally, we will provide management with a listing of “process improvement opportunities” which consist of informal recommendations and best practices that management might consider for implementation.

Customized phishing simulation campaign

This goes beyond “canned” phishing simulations to give management valuable insight into the company’s true susceptibility to phishing attacks, which can lead to ransomware infections, stolen credentials, email compromise, and other incidents.

Contact us

Whether it is a ransomware, malware, or other event that impacts your organization, it is not a question of if but when it will occur. There is no size of entity that is immune from attack or safe from suffering financial harm. Thoughtful preparation, quality end-user training and robust response planning is crucial to managing your exposure. We can help you be prepared.