Cybersecurity Assessments

Our cybersecurity approach focuses on the people, processes, and technology supporting your cybersecurity program.


Industry Experience + IT Risk Expertise

Cybersecurity is top of mind for most, if not all, organizations and executives as cyber crimes increase and become more sophisticated.

Johnson Lambert’s cybersecurity assessment services are designed to specifically address the cybersecurity concerns of the focused industries we serve, utilizing best practices from various requirements and frameworks, including but not limited to NIST, NYDFS Cybersecurity Regulation, CIS Top 20, COBIT, AICPA Trust Services, COSO Internal Control Integrated Framework, and ISO 27001.

We are members of the Center for Internet Security and use their benchmarks, as well as our proprietary tools, to execute each assessment, which includes a customized toolkit and a summary report.


What to Expect in a Cybersecurity Assessment

Our cybersecurity assessment projects are broken into four phases. Through this phased approach we evaluate your core cybersecurity functions so that we can report on the strengths and the areas in need of improvement.

Phase 1: Planning

We gain an understanding of your IT environment and data flows, identify key contacts, define risk assessment likelihood and impact thresholds, and obtain an inventory of systems and data stores.

We engage in conversations with key personnel and stakeholders, review reports and policies, and perform a walkthrough of critical cybersecurity processes.

Here we will assess potential cybersecurity program gaps and meet with management to co-develop a risk assessment and recommendations for improvements.

Our final stage includes developing a roadmap for next steps to improve the cybersecurity processes and sharing those results with your team.



Assessment Objectives

Why should your organization conduct a cybersecurity assessment? Boards, management, customers, employees, business partners, vendors, and other stakeholders are all implicated in the safety and security of your IT environment. For these reasons, strong cybersecurity programs are critical, and working with Johnson Lambert to assess your cybersecurity controls and operations will give you increased confidence around these objectives.


Evaluate the effectiveness of your cybersecurity program


Introduce the risk-based focus of cybersecurity to all levels of your organization


Enhance your internal cybersecurity operational processes


Assess controls over third-party service provider management



Engagement Design

Our cybersecurity program assessment can be scaled based on your reporting needs.

Tabletop Review

Facilitated session to walk through your cybersecurity governance processes and layers of security.

Program Design Assessment

Evidence of cybersecurity program controls will be analyzed by our team to validate control design effectiveness and implementation.

Operational Effectiveness Assessment

Controls will be tested over a period of time to determine whether they are designed and operating effectively.

Cybersecurity SOC Report

Examination of cybersecurity program in accordance with the AICPA’s cybersecurity risk management reporting framework to report on cybersecurity risk management programs.






We proudly add value to our clients by specializing in providing these services to your industry, working with various entities similar in operations, size, or areas of opportunity.


Johnson Lambert’s team comprises integrated IT and financial/operational auditors who have the specialized skills and focused experience in the insurance industry. The team also has decades of combined experience in evaluating IT risk and controls processes.


In working with nonprofits of various sizes and complexities, our team brings an understanding of, and experience with, nonprofits' cyber risks and challenges. That understanding, together with our project management skills, methodology, and specific IT risk and control background, adds value to our association and other nonprofit clients.


Seeking a World Class Partnership?

Reach out to Johnson Lambert today to see how we can be of service to your organization.