The CISO Assessment

Ever wonder what your information security program looks like through the eyes of an experienced CISO? This may be an opportunity for you to do just that. Our CISO Assessment is a practical overview of where your program stands and where it can improve, customized to the size and complexity of your financial institution.

It’s very similar to our virtual CISO onboarding process: one of our experts will look at various areas of your cybersecurity program as if they were going to be managing it for the next year. This means you’ll get a clear picture of what your most pressing priorities should be over the next 90 days and a roadmap for the next 12 months.

You already get regular IT audits, so this may seem redundant. But the CISO Assessment isn’t meant to replace your IT audit; you still need to conduct professional, independent testing of your key controls. Instead of digging into the details of every control, we take more of a strategic approach that’s not in the scope of most audits. We don’t claim to be auditors, and most auditors don’t claim to be experienced CISOs.

Simply put, this is proactive real-world advice for anyone wanting to improve their information security or IT governance.

Some of the key areas we look at:

  • Governance Structure
  • Cybersecurity Controls
  • Policies
  • Incident Response Plan
  • Business Continuity Plan
  • Monitoring Capabilities
  • Risk Assessment Process
  • GLBA Reporting
  • Vendor Management
  • Audit and Pen Testing Scope and Results
  • User Awareness Training


  • 90-day action plan – prioritizing your most critical items that need to be addressed.
  • 12-month roadmap – suggested next steps for continued improvement.

Price: $2500*

*Discount: $2000 off onboarding if you contract with Bedel Security for vCISO services within 90 days of final report.

This assessment is best suited for Community Institutions under $2B in assets** that:

  • Want to better align their ISP with their overall business goals
  • Want to know where they stand against other banks of similar size and complexity.
  • Want a completely independent set of eyes that not only sees the gaps in your program, but also creates a custom prioritized roadmap of what to address first.
  • Want to know if processes are adequate to manage IT Risk.
  • Want to know if staff and leadership have the training, tools, and resources to sufficiently manage the Information Security Program now and going forward.
  • Want an experienced CISO perspective.

**If your institution is over $2B in assets please contact us at for more information on assessments for your institution.
