Skip to content

Cybersecurity Assessment



The purpose of the Cybersecurity Assessment Service Package is to determine whether your company has legal liabilities, legally-mandated reporting requirements, insurance obligations and regulatory compliance issues arising out of infirmities in its computer network and systems.

We are able to make these determinations because we have partnered with IT Security Solutions, an information security and risk management firm with a unique offering: the ITS SafeTM security appliance.  ITS Safe monitors active traffic between all devices within the network and to and from foreign countries, unknown endpoints, highjacked IP addresses, the TOR network and the dark web.  Based on data collected by ITS Safe, and on its own assessment of the client’s legal environment, GCO will provide an opinion on the legal implications of the technical findings.

The Cybersecurity Assessment Fee depends on which type of Service Package you choose.

  • The Preliminary Cybersecurity Assessment is designed to determine whether there are threat actors in your current business network environment and whether they pose legal risks.  In the Preliminary Assessment, we attach ITS Safe behind the firewall and ‘watch’ traffic for a period of 24 hours.  We recover the ITS Safe device, run an analysis, and produce an executive summary of findings and a legal opinion.  At the end of the Preliminary Assessment, you should be able to determine whether a Formal Cybersecurity Assessment is warranted.
  • The Formal Cybersecurity Assessment is a much deeper and more involved examination of your network traffic, attached devices, threats and threat actors, and legal exposures.  In the Formal Assessment, we attach ITS Safe behind the firewall for a period of 1 week, and periodically examine activity to determine if security breaches are underway.  If you choose, we will configure ITS Safe to block threat actors as it finds them.  The legal assessment that GCO provides is a very thorough one, based on a deeper knowledge of where information resides in your network and the activities involving those nodes, as well as a thoroughgoing audit of your legal documentary environment.  At the end of the Formal Assessment, we recover the ITS Safe device from your network, run thorough diagnostics on the week’s traffic, and produce detailed findings on precisely what devices and information has been compromised.  The legal opinion is similarly detailed, examining your legal risks based on your company’s contracts, insurance policies, and regulatory obligations.  In the end, you should have a clear sense of what actions you must take to mitigate your legal and technical risks.

Review Details


After you purchase one of the Cybersecurity Assessment Service Packages, we will work with your IT department and network administrator to attach the ITS Safe device to your router behind the firewall.  We will provide any due diligence to your technical people, as necessary to comply with your own security procedures.  We will configure our own monitoring software to ensure the device is working correctly, and will then depart your premises, leaving the ITS Safe appliance connected and running. If you purchased the Formal Cybersecurity Assessment, we will contemporaneously speak with individuals in your company responsible for contract administration, insurance coverage, compliance and operations.  These conversations will follow a structured questionnaire format, designed to elicit critical legal documents and facts about the information your company creates and uses, and the way that information is processed, stored and distributed within and outside of your company.  Where necessary, we will request copies of documents for detailed examination. At the end of a 24 hour period, or in the case of a Formal Assessment a 7 day period, we will recover the ITS Safe device from your network, and analyze the data that the device has collected.   Based on this analysis, we will produce technical findings and a legal opinion (see below).  After delivery of the findings and opinion we will meet with your senior management to discuss the assessment and help you determine your future actions.

Services & Deliverables

The services provided in the Preliminary and Formal Assessments are described above.  They differ based on the depth and thoroughness of both the data collected (technical and legal) and the length and detail of the resultant deliverable.
  • The Preliminary Cybersecurity Assessment deliverable will be a 3 to 5 page report, summarizing the technical findings and the general legal risks posed by the implications of the findings.
  • The Formal Cybersecurity Assessment deliverable will be a 10 to 30 page report, with appendices and associated ITS Safe log files, detailing each threat found, the systems and data affected and the severity of the threat.  In addition, the Formal Assessment will provide a detailed legal analysis of your company’s contractual, tort-based, regulatory and insurance risks, based on the threats found and the company’s actual legal environment.  Finally, both GCO and IT Security Solutions Inc. will make themselves available for live presentation of the report and questions and answer to persons you designate.
IMPORTANT: Both the Preliminary and Formal Assessments may be subject to attorney-client privilege and protected from future disclosure to 3rd parties.  In order to preserve this privilege, GCO will communicate only with persons in the company having a need to know, and will deliver reports only to executives and others in the company with a similar need to know.  The attorney-client privilege belongs to the client, and it is essential that any reports we produce or conversations we have not be shared widely with others in the company without a similar need to know. 

Additional Terms & Conditions

This Cybersecurity Assessment Service Package is governed by the terms of the GCO Retainer Agreement with your firm.  You are provided a copy at the time you register as a retainer client, or upon purchasing this Service Package if you chose not to become a retainer client. This Cybersecurity Assessment Service Package adds the following additional terms and conditions:
  1. The Service Package Fee is fully refundable upon your request until the services are rendered.  If services have been partially rendered, you are entitled to a reasonable partial refund.  The Service Package Fee will not be held in escrow and will be treated as belonging to GCO, subject to refunds.  Refunds will be credited to the credit card that you used to purchase the Service Package.
  2. GCO will contract with IT Security Solutions for the provision of these services, and will pay IT Security Solutions directly on your behalf.  There are no other fees or charges for this Service Package.  If you require in-person presentations not described in this Service Package, there may be additional expenses which will be charged without markup upon your prior approval.