Cybersecurity Assessment Services

Stay secure with BPM’s Cybersecurity Assessment Services, including penetration testing and incident assessment support.

The question “What should we be doing about cybersecurity?” worries countless business leaders.

The answer: Contact BPM’s proactive cybersecurity assessment specialists. Our independent team evaluates your organization by imitating the very techniques currently used by real-world attackers. When you follow BPM’s risk-prioritized recommendations and apply controls where threat actors are most likely to exploit your organization, a penetration test can save your organization money, resources, and embarrassment.

Here’s an overview of our services.

  • Penetration Tests – includes technical, social engineering, and physical security testing.
  • Program Assessments – includes information security program review, risk assessment, and IT general controls audit.
  • Supplemental Security Services – Incident investigations/Forensics including internal malfeasance and fraud, purple teaming, cloud configuration review, OT/ICS/SCADA assessments, ASV scanning, active directory password audit, and training.

Our comprehensive penetration testing approach.

BPM cybersecurity specialists work to identify your information security weaknesses before an attacker does. Also known as “ethical hacking,” our focused penetration testing allows us to identify exploitable vulnerabilities in your infrastructure, applications, people, and processes.

Here’s how it works:

Zero Knowledge Testing scenarios closely mirror how real-world external threat actors attempt to access your sensitive information. This approach leaves our testers in the dark about as many client details as possible until they can ascertain that data themselves, beginning with the test’s information-gathering stage.

Open Book Testing is a cyber risk assessment that provides assurance for clients looking to work collaboratively with us. It assesses the functionality and configuration of key systems and controls and identifies potential threats, or we work together to ensure vulnerability remediation efforts are effective across all affected systems. This testing method involves sharing credentials, access, and system information, but it allows us to work with you to properly deploy a key application or new security controls, such as an intrusion detection system.

Blended Approach Testing allows us to combine the benefits of both Open Book and Zero Knowledge Testing. Our projects often end up using Blended Approach Testing, which allows our team to access key areas of your systems, enabling deeper visibility while keeping the project scope manageable. It requires coordination to ensure that what’s in and out of bounds is well defined.

Penetration Testing

Comprehensive Penetration Test

  • Technical assessment
  • Social engineering
  • Physical security

Our proven penetration testing works to thoroughly assess the real-world effectiveness of information security controls. We provide a comprehensive baseline assessment by evaluating your security posture from physical, human, and technological attack vectors. These security assessment services are then combined into cascading sequences of exploits to gain access to otherwise secure systems.

Application Penetration Test

  • Web
  • Mobile
  • Code review

Clients take advantage of our in-depth penetration testing of web and mobile applications from different credentialed perspectives to model the threat populations that present the most significant risks. Our detailed methodology leverages common Open Worldwide Application Security Project (OWASP) top-10 vulnerabilities and the latest industry research to identify and exploit vulnerabilities that could compromise your data.

How can we help you assess your risk management program?

Program Assessment Services

Information Security Program Review

Our experienced Program Assessors evaluate a client’s documented Information Security Program to determine the program’s adherence to accepted best practices and its institution of organizational governance. This service gives stakeholders insight into the sufficiency of the existing program and provides recommendations to close identified security gaps.

Information Security Risk Assessment

This collaborative process between BPM and the client assesses the risks posed to the client’s sensitive information. The assessment includes a security threat modeling or asset inventory-based risk assessment methodology. The assessment then determines the likelihood, impact, plan of action, and residual cyber risk that exceeds organizational tolerance.

Supplemental Services

Breach Assessment / Incident Assessment

If you have, or suspect you have, experienced a breach or incident, we’ll conduct an independent assessment and debrief. Our incident assessment services can also help your organization with employee malfeasance by examining digital evidence to support or refute a suspected breach of the appropriate use policy.

Cloud Security Configuration Review

Our team can relieve some of the stress of migrating to the Cloud via a Cloud Security Configuration Review. The cloud security assessment evaluates configuration, least privilege, fault tolerance, authentication, and other key security controls.

OT/ICS/SCADA Security Assessment

For organizations with mission-critical operational technology (OT), such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, BPM’s security assessments provide a baseline of security control effectiveness while maintaining uptime.

Active Directory Password Audit

Passwords reign as the modern keys to the kingdom in many organizations. This audit provides insight into the security of the passwords on your Windows network.

Purple Teaming / System Validation

Are you evaluating a new security control’s effectiveness or looking to mitigate known vulnerabilities you can’t simply patch? Our Purple Teaming service combines your internal expertise with our team of proactive security specialists to collaboratively solve security challenges in real time and validate the system is functioning as intended.

PCI ASV Scans

Vendor (PCI ASV) Scanning

Are you looking to stay compliant with PCI regulations for processing credit card information? Our easy and affordable scanning service will help you fulfill these requirements.

Incident Response Tabletop Exercise

This exercise is a realistic simulation of a cyber incident that allows organizations to test and evaluate their incident response plans and procedures. Led by experienced cybersecurity professionals, the exercise provides a safe and controlled environment for participants to practice their roles and responsibilities in responding to an incident. Through the exercise, organizations can identify and address gaps in their incident response processes, improving their overall preparedness to effectively handle a real-life cyber event.

Cybersecurity Cultural Assessment

We phish, interview, and eventually survey employees to learn their level of cybersecurity awareness. This provides an indication of where your organization stands regarding cybersecurity readiness, specifically evaluating the people who have access to your systems and tools.

Firewall Configuration Review

Through this review, our team can identify key firewall rules and settings to assess configuration, least privilege, fault tolerance, authentication, and other essential security controls.

Wireless Networks

WiFi networks can be a highly accessible entryway for a threat actor to gain access to your network. Our assessment determines how susceptible your wireless network is to these cyber threats.

Systems, Devices, and Hardware

If your organization has a device or proprietary hardware connected to sensitive information, it is good practice to subject it to testing to see the potential consequences of it getting into the wrong hands.

Telework Security Assessment

If your employees are accessing sensitive data in a remote work environment, consider a Telework Security Assessment to ensure secure data protection.

Live, instructor-led Security Training

  • Board/Leadership Cybersecurity Governance Training
  • Social Engineering Awareness Training

Financial Institution Services

  • Online Banking Assessment
  • Core System Security Assessment
  • GLBA Gap Analysis
  • FedLine Attestation
  • SWIFT Attestation