Our Security Best Practice Evaluations are designed to assess select aspects of your environment for adherence to current best practices.

Results and recommendations allow you to proactively address weaknesses before they cause a breach. 

11 Security Best Practice Evaluations

All evaluations below are options within our customizable IT Security Assessment.

These vital evaluations also grow with your organization.

Select what fits your needs now, with freedom to change year-to-year as your security challenges and priorities shift.

Ransomware Preparedness

Ransomware attacks now occur every 2 seconds. That’s why we developed this audit option to focus on your organization’s ability to mitigate risks associated with ransomware. Our experts will assess your security controls, policies, and practices for the prevention of ransomware attacks, as well as your organization’s ability to rapidly react to and swiftly recover from such incidents. To add a technical assessment of your endpoint security, consider our Ransomware & Endpoint Compromise Simulation.

Network Security

This audit option focuses on identifying security risks to the environment originating from configuration deficiencies, such as excessive use of administrative rights, insecure password requirements, insecure account lockout settings, and improper monitoring. Even environments with a minimal number of vulnerabilities often have similar misconfigurations that can put your organization at risk. 


The frequency and sophistication of today’s viruses in the hands of increasingly aggressive hackers are daunting. To help you steer clear of the 5B+ malware attacks annually, as well as the 270K+ new malware variants this year, our team will evaluate the setup, updating, and alerting capabilities of your antivirus system(s). We will also look to ensure there is a multi-layer approach, including perimeter protection, as well as a multi-vendor approach to ensure the quickest access to updated virus definitions.


A vital component to any comprehensive assessment, this audit option is highly recommended due to its importance. The existing policies for authentication, administration, updates, change management, VPNs/encryption, monitoring, and others are evaluated against industry best practices. Our experts will provide recommendations to minimize security risks and help protect your environment.

Remote Worker

Reflecting the dramatic increase in off-site personnel, as well as the expanding Internet of Things (IoT), this audit option evaluates the technology, policies, and procedures for deploying employees into remote locations from your headquarters. We will address issues related to personal versus business equipment, authentication, encryption, malware protection, and many other areas related to remote workers.

Microsoft Office 365

With 91% of all cyber-attacks starting with an email, this audit option is key. Our experts will evaluate configurations and policies related to Office 365, including those that can mitigate email and other cloud data threats. We’ll also ensure your organization has performed key steps to secure the integrity of your Office 365 instance and its applications and provide recommendations to harden your defenses against these and other cloud data threats.

Mobile Device Management

Today’s mobile devices account for 60% of all digital fraud, making this audit option wise. Our experts will evaluate security controls and configurations related to Mobile Device Management (MDM), including corporate-owned devices and BYOD environments. We ensure your organization has performed key steps to secure the integrity of mobile assets against phishing attacks and theft.


This audit option focuses on security controls pertaining to VMware, including vCenter Server, hypervisors, and virtual hosts/applications. While primarily evaluating controls and configurations, the evaluation also questions the security hygiene of the virtual environment and its hosts. Our experts will evaluate the VMware environment to enhance the security posture of your organization’s virtual infrastructure.

Wireless Configuration

With the pervasive rollout of wireless technology in production environments and related security risks, this audit option has become a necessity. Our team will evaluate your wireless implementation to ensure your organization is using best practices in administrating wireless network devices. We will evaluate authentication, encryption, device administrative settings, and logging.

Password Audit

Our Active Directory password evaluation is much more than an analysis of passwords used. We provide a comprehensive report that includes detection of weak passwords, as well as a multitude of vulnerabilities associated with password policies (e.g., administrative accounts with aging violations or weak or duplicate passwords; passwords stored using reversible encryption; accounts missing Kerberos AES keys, etc.).

Facility Security

This audit option evaluates the physical safeguards that protect the network infrastructure equipment, as well as a clean desk review (i.e. sensitive information left in public view). Our experts will perform this evaluation at your organizational headquarters and/or selected secondary locations of your organization. For additional on-site testing, consider our Red Team Assessment.

More Coming!

Check back here often, as we regularly add to our Security Best Practice Evaluations to help you address emerging security challenges.

All evaluations above are options within our fully customizable IT Security Assessment.

