

Information Risk Management


What does a Cyber Security Risk Assessment cost?
One of the most frequently asked questions, from small local businesses to large global enterprises, is what a Cyber Security Risk Assessment costs. The average cost of a Cyber Security Risk Assessment is affected by the scope, size, and complexity of the IT environment, the size of the organization, the type of industry, the number of geographic locations and data centers, and the complexity of internal processes. In evaluating the cost of a cybersecurity risk assessment, many industry analysts point to the TCO (total cost of ownership). The TCO for a cybersecurity risk assessment includes the methodology and approach used, the experience of the assessors, and the quality of the end product. The starting cost for a typical cybersecurity risk assessment for a business with 50 employees is $8,000. Managing the cost of a cybersecurity risk assessment is of course very important, but to provide value to the organization the assessment must follow a sound approach and be carried out by experienced assessors. For over a decade CompuMedix has provided cost-effective cybersecurity risk assessments to multiple organizations, across industries and around the world.

• Information Risk Assessment
• Privacy Assessment
• Governance Assessment
• Cloud Feasibility Assessment



The effective use of information across all verticals is now an accepted organizational imperative for all businesses, for improved efficiency, cost reduction and information risk mitigation. Creating and implementing a Governance program is a must, as it provides the best practices, relevance, and standard approach to apply when managing unstructured information. The design approach includes overall structure, resources, roles and responsibilities.


Due to the increase in internal and external threats in the past years and the various compliance requirements that regulations impose for the privacy and security of sensitive data, many organizations are obligated to implement appropriate controls. Often it is easy to know where sensitive data should exist, but in reality, due to negligence in applying appropriate controls and for the sake of convenience, companies lose track of these information risks.

Developing a standard framework for classifying documents and information in terms of sensitivity, privacy, or security requirements (such as Public, Internal Use Only, Confidential, etc.), and aligning it to appropriate protocols for access control and security, is a necessary first step to gain control of information risk.
Especially for PII and PCI regulatory requirements, it is important to construct an inventory of document types that contain sensitive information such as trade secrets and personally identifiable information (PII). Each data classification (security level) must correspond to a required minimum set of controls and safeguards that custodians and systems must apply to ensure adequate data protection.
By utilizing technology tools and a theme-based approach you can identify your risk exposure and take appropriate actions to remediate the problem.
We work with our clients to help with the following:
• Data Classification Standard Development
• Sensitive Information Inventory
• Controls and Safeguards Requirement Identification
• PCI/PII Data risk identification & audit


Our Virtual CISO (vCISO) service helps businesses develop and implement security programs that guard sensitive information, strengthen brand reputation, and protect customer data. Each vCISO is led by one of our security experts and backed by a supporting team of analysts and consultants.
Providing security leadership and guidance when and where you need it.
Our vCISO service is designed to deliver expert security insight, leadership, and support, while functioning as an extension of your business. We have current clients to attest to the benefits and cost savings associated with this service.