The TrustedSec Merger & Acquisition Security Assessment draws on our knowledge of advanced threat actors, experience responding to security breaches, and expertise evaluating security programs.

We help clients assess and reduce risk and address potential security gaps throughout the merger and/or acquisition process. This assessment is designed for organizations seeking a rapid cybersecurity risk assessment as part of a merger and acquisition process. It analyzes and measures the acquisition’s environment and risk levels to determine what risks are present. After the analysis, the client receives a report outlining the findings and recommendations. The deliverable will assist clients in deciding whether initiatives to connect the business networks should continue or if additional remediation/mitigation efforts are required before the systems are integrated.

TrustedSec will evaluate the acquisition target’s cybersecurity programs across five core security domains, each of which is mapped to compliance, security, and industry frameworks.

This methodology gives focus to current data protection capabilities and their relative soundness. These areas are often the highest risk to the acquiring organization:

Data Protection

  • Evaluates the data protection framework and capabilities
  • Determines whether adequate data classification and identification capabilities exist
  • Defines high-target information assets
  • Reviews data storage and external data transfer mechanisms

Access Controls

  • Reviews the access controls policy and procedures
  • Assesses whether suggested security controls appear to be leveraged
  • Reduces the risk of inappropriate access to sensitive data
  • Reviews onboarding and termination procedures
  • Ensures proper controls are enforced for data access

Incident Detection & Response

  • Reviews existing people, processes, and technologies deployed
  • Detects, analyzes, escalates, responds to, and contains advanced attacks
  • If an incident is detected, determines if the current capabilities are able to respond to and contain a threat

Infrastructure Security

  • Reviews protection mechanisms, policies, processes, and configurations deployed throughout the network and endpoints
  • Ensures that effective controls are in place to prevent compromise
  • Reviews email/web filtering, IPS/IDS, remote access tools, and monitoring capabilities
  • Determines maturity and level of protection

Threat Inheritance Assessment

  • Performs a series of baseline internal/external vulnerability assessments
  • Documents all known enterprise vulnerabilities
  • Reviews key assets for known Indicators of Compromise (IoCs)
  • Determines if an adversary may have already breached the target’s systems

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.