- Doug Davidson
- Director of Information Technology Services
- (614) 947-5340
Risk assessments and security testing are an important part of any information security program. GBQ offers an array of assessments and tests that range from the strategic to the highly technical. These include:
Security Program Review – A formal measure of the maturity of your security program. Is it reactive? Improving? Mature and aligned with company goals? A Security Program Review helps you improve the security operation in your organization.
Risk Assessment – A risk assessment identifies potential security issues and analyzes what could result if something actually happens. It prioritizes issues based on the likelihood they might happen and the impact they would have on your organization if they do happen. A risk assessment helps you prioritize your security program investments.
Controls Assessment – A comparison of an organization or system against a defined control set, such as NIST, SANS CAG, OWASP and so on.
Compliance Assessment – A comparison of an organization or system against the requirements defined by a regulatory authority such as HIPAA, PCI, and GLBA.
Security Architecture Review – A security architecture review takes a high-level look at your IT architecture, focusing on the major elements of your systems and how those elements broadly interconnect.
Security Assessment – A review of your technical information security program from the perspective of baseline controls expected of firms following leading information risk management and security management practices in today’s adversarial environment.
Vulnerability Assessment – A review of an organization’s controls to determine areas of potential risk and identify areas with weak or non-existent controls in place.
Application Assessment – A review focused on a particular application target, typically a web application or mobile application.
Incident Management – The overall process of response when an incident has been discovered or reported.
Incident Response Test – The specific actions taken as specified in the organization’s incident response plan to react to an active incident and protect the organization.
Penetration Test – A test of an organization, network, system or application which uses technical tools in an attempt to gain access to an organization’s network and data.