An affordable risk assessment for small and medium businesses.

The NIST Cybersecurity Framework specifies a cyber risk assessment as part of implementation, one that evaluates the likelihood of threats and the impact they will have.  Our risk assessment meets these objectives by mapping a high-level business profile to cybercrime statistics across ten well-defined threat categories.

We also have a guide for small business executives who need a non-technical understanding of the NIST Cybersecurity Framework. The book illustrates the business principles behind cyber risk management, and then shows how those concepts map to the NIST Cybersecurity Framework. It is a great way to educate executives on their role in managing cyber risk.


ID.RA – Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

  • ID.RA-1 – Asset vulnerabilities are identified and documented
  • ID.RA-2 – Cyber threat intelligence and vulnerability information is received from information sharing forums and sources
  • ID.RA-3 – Threats, both internal and external, are identified and documented
  • ID.RA-4 – Potential business impacts and likelihoods are identified
  • ID.RA-5 – Threats, vulnerabilities, likelihoods, and impacts are used to determine risk


We pushed aside the technical jargon to explain the business decisions that make the difference between surviving and thriving in the face of rising cybercrime.

Cybersecurity: A Business Solution
A business approach to cyber risk management

Our guide gives business context to the NIST Cybersecurity Framework.

Need some free stuff to get you started?

We offer free tools and resources for small businesses looking to learn more about the NIST Cybersecurity Framework. If you are a provider of cybersecurity solutions and would like to co-brand any of the free resources, please pop over to the Contact Us page and let us know.