Security Assessments

Understand your risk.

Alchemy’s security assessments measure a company’s security posture against industry best practices, compliance requirements and industry frameworks. An assessment identifies vulnerabilities and measures the effectiveness of the organization’s controls, which can include people, process and technology vulnerabilities and span across the entire business. It will help you determine risk, which is the potential for loss if a vulnerability is exploited. Guidelines and standards for security assessments are published by organizations such as National Institute of Standards & Technology (NIST), SANS Institute and PCI Standards Council.

Types of Assessments

Vulnerability Assessment – Identifies weaknesses that can be exploited
Risk Assessment – Quantifies risk and potential loss based on asset value
Compliance Assessment – Confirms compliance with required standards, such as HIPAA or PCI Penetration
Testing – Simulates an internal or external attacker against the company’s network

Assessment Benefits

  • A security assessment ensures that you are aware of security risks within your environment. You can’t fix a problem if you don’t know it exists. It will also serve as your initial baseline so you can track positive progress in your security program.
  • Assessments can help to document the progress being made to protect the company.
  • Due diligence, which is the effort made by a company to avoid harm as determined by a reasonable person. If your company encounters a security breach, your company’s legal exposure and financial penalties can be impacted by the due diligence you’ve shown in defending against threats. A security risk assessment is the first step in showing due diligence. The second step is making an effort to address the vulnerabilities that were found.
  • Maintain compliance. Some industries require security assessments as a condition of compliance. The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) is one example.

Line Card

Regulatory and Framework

  • NIST CSF Assessment
  • HIPAA Assessment
  • C2M2 Assessment

Cloud and Architecture

  • AWS Security Assessment
  • Azure Security Assessment
  • Security Architecture Assessment
  • 365 Security Assessment

Red Team Services

Network Security

  • Internal Penetration Test
  • External Penetration Test
  • Wireless Penetration Test
  • Firewall Assessment
  • Network Architecture Assessment (Firewall, VPN, Router, Switches)
  • Host Penetration Assessment
  • Active Directory Assessment

Application Security

  • Web Application Penetration Assessment
  • Web API Penetration Testing
  • Mobile Application Security Assessment
  • Thick Application Assessment
  • Web Services Security Assessment
  • Enterprise Mobility Management Assessment

Social Engineering

  • Phishing Assessment
  • Physical Penetration Testing
  • Social Engineering (Phone) Assessment
  • OSINT/Reconnaissance Assessment


  • Goal-Oriented Red Team Assessment
  • Threat Modeling and Architecture Assessment
  • Security Technology Assessment
  • IT Security Gap Assessment

Incident Response and Forensics

  • Compromise Assessment
  • Malware Assessment
  • Incident Readiness Assessment
  • Forensic Capabilities Assessment
  • Security Tools Assessment

Industrial Control Systems

  • ICS Compromise Assessment
  • ICS Security Assessment
  • Building Automation Assessment
  • ICS Security Technology Assessment

IoT/Embedded Systems

  • Embedded System Security Assessment
  • Automotive System Assessment
  • Medical Device Security Assessment
  • Clinical Application Assessment
  • Med Secure Assessment Framework

Request a Security Assessment

Enter your information below and an Alchemist will reach out.