IT Security GAP Assessment

Schedule your security consult today

IT Security GAP Assessment

The objective of the Information Security Assessment is to provide feedback to the Customer with respect to its ability to preserve the Confidentiality, Integrity, and Availability of the information maintained by and used by the organization. Security is assessed for information privacy compliance.

Using various Security Frameworks including Octave Allegro, NIST and others, Redhawk will test the use and implementation of security controls used by your organization to secure sensitive data.

To Accomplish this, Redhawk reviews several sets of process controls, technology controls, and physical security controls Including:

Administrative Controls Reviewing policy, procedures, disaster recovery, business continuity, critical vendors, operations, information security, risk assessment, and regulatory compliance.

Physical Controls Reviewing access control, data center security, environmental security, wiring closets, fire suppression, and protection of sensitive information (clear desk/clear screen policy, locking facilities, disposal of documents / media and video surveillance).

External Technical Controls Analyzing firewall configurations, internet design, exposed services and border devices, internet servers, intrusion detection/prevention systems, and remote access.

Internal Technical Controls Test performed to identify vulnerabilities on the WAN, LAN, Voice system, internal servers/printers, wireless networks, modems, vendor and partner connectivity, logging analysis and report, data-in-transit and portable devices.

Wireless Controls Identify wireless coverage overreach into non-private areas, identify weaknesses in wireless technical controls, Analyze wireless network architecture, search for rogue access points and analyze wireless security configurations.

Control’s Review of Industry Specific Critical Applications

In addition, Redhawk will review controls specific to the data in the core applications regulated by industry:

Financial Institutions

  • Regulatory guidance is overlaid for FFIEC, GLBA, and Sarbanes Oxley compliance.
  • Electronic Banking Controls: Review controls to gain reasonable assurance best practices and regulatory compliance are met.

Healthcare Providers

  • Regulatory guidance is overlaid for HIPAA and relevant standards including: §164.308, §164.310, §164.312, §164.314, §164.316.
  • Electronic Medical Record Controls: Review your technical environment and the potential gaps in your security protecting patient data.


  • SCADA System Controls: A deeper technical, physical, and administrative analysis of your technical environment and the potentials for gaps in your security as they relate to FERC, ISO/IEC 27001, ISO 27702, and NIST frameworks.


  • CJIS Controls: A comprehensive review of all Criminal Justice Information Security controls and where you need to improve to meet CJIS requirements.
  • NIST 800-171 Controls: A complete evaluation of your ability to protect Controlled Unclassified Information.

The Redhawk IT assessment processes are facilitated by the Redhawk Cybersecurity Portal, which provides remote reporting and facilitates collaboration between Redhawk and your company's staff. The portal includes the capability to securely share documentation, review drafts, and input responses to findings directly into your report.