Business Risk Assessments


Is security in place within your business units? Lines of Business manage data within their span of control and work directly with vendors. These service offerings address LOB Risk Assessment, Business Process Risk Assessment and FMEA Process Risk Evaluation. Gain visibility into security issues and mitigate risk to an acceptable level.

I. Line of Business Risk Assessment

This service evaluates cybersecurity within a Line of Business (LOB). The assessment scope begins with LOB services, following the data flow. LOB processes, technology and administrative controls are assessed to identify areas for improvement.

Areas of focus include:
  • Data Management
  • Application Governance
  • Third parties
  • Call Centers
  • Access Control
  • Process Design
    - Insider Threat
    - Fraud
Deliverables include an assessment report and a slide deck presented to executive leadership.

II. Business Process Risk Assessment

This service is typically used to evaluate one or two processes within a Line of Business (LOB). The focus is operational risk, inclusive of cybersecurity, insider threat and fraud. The end-to-end process is evaluated to include data flow, application governance, Third Party Risk Management and spreadsheet risk. We only focus on applications and vendors within scope of the processes. It is permissible to validate cybersecurity controls such as access control and business continuity however.

NOTE: If process documentation is not in place, the engagement can begin with a Process Design Workshop. That enables the LOB to create a process diagram on their own or with additional coaching.

Deliverables include an assessment report and a slide deck presented to executive leadership.

III. FMEA Process Risk Evaluation

Failure mode and effects analysis (FMEA) is widely used by corporations, manufacturing firms and the U.S. military to evaluate processes or systems. This service provides an overview of FEMA and leads client personnel through critical evaluation of a critical process. Potential failures are prioritized by impact severity, probability of occurrence and likelihood of detection. FMEA risk ratings and narrative rationale can be used to quantify exposure to management and to facilitate remediation.

Deliverables include an assessment report and a slide deck presented to executive leadership.

Fees and Payment

Assessments are billed as a deliverable, with payments during stages of the project. Professional Services are billed at a flat hourly rate, not including travel expenses. A minimum number of hours are purchased on retainer. Services are billed monthly.

Next Steps

Each engagement is customized to meet the needs of the client. The first step in the process is to have a conference call. We work together on a list of bulleted requirements. Virtual CSO responds with a Statement of Work.


"I had the pleasure to work with Gideon recently and I am impressed with his professionalism and attention to details. With his knowledge and expertise in cybersecurity, he was able to guide our staff and help them complete a risk assessment of their processes effectively and provide meaningful recommendations. Gideon was timely with his deliverables and conscious about our business needs."

Assessment Options

Custom assessments may be conducted based on the needs of the client. Here are examples:

This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each Professional Services engagement.