Compliance Gap Assessment & Planning. A gap assessment is a comparison between current controls and required controls. A gap assessment differs from a risk assessment in that the analysis of the impact of found gaps is not required in a gap assessment. This service is useful for organizations preparing to comply with a specific regulation or set of security requirements. Lantego provides gap assessments for specific regulations: NIST CyberSecurity Framework, HIPAA, PCI DSS, SOX (CobIT), GLBA, ISO/IEC 27001/2, NERC CIP, and NIST 800-53 (FISMA). 

  • HIPAA Security & Privacy Gap Analysis

  • PCI DSS Gap Assessment

  • ISO 27002 Gap Assessment

  • FISMA / NIST 800-53 Gap Assessment

  • NIST CSF Gap Assessment

Doug landoll is a leader in security risk assessments.

Doug landoll is a leader in security risk assessments.

Security Risk Assessment. A security risk analysis (or assessment) is an objective analysis of the effectiveness of the current security controls that protect an organization's assets and a determination of the probability of losses to those assets. A security risk assessment is a required element of many information security regulations (NIST CyberSecurity Framework (CSF), HIPAA, GLBA, SOX, ISO/IEC 27001/2). Security risk assessments differ from Gap Assessments in that additional tasks are added to determine the impact on corporate assets. These additional tasks allow for a prioritization of recommended countermeasures.  

  • HIPAA Meaningful Use Security Risk Assessment

  • PCI DSS Security Risk Assessment

  • FISMA / NISt 800-53 Security Risk Assessment

  • NIST CSF Security Risk Assessment


  • ISO 27001:2013

Remote Cybersecurity Risk Assessment. Small to medium businesses (SMB) have all the same (if not more) information security regulations, technology, and threats that larger businesses have, but without a large budget for an independent risk assessment. In order to serve this market, Lantego has created a remote cybersecurity risk assessment process. This process greatly reduces the price of the assessment by eliminating onsite observations and interviews, utilizing survey-based interviews, and simplifying the final report. This service is limited to SMBs and single regulation (e.g., HIPAA Security, PCI DSS v3.2, FISMA/NIST 800-53, NIST CSF, FFIEC CAT, or ISO 27001:2013)

Crown Jewels Assessment. Seventy percent (70%) of an organizations asset value is contained in less than 2% of their data. These “crown jewels” require the most rigorous protection. A Crown Jewels assessment limits the scope of a security risk assessment to the company’s key assets and an extremely effective assessment approach.

Quick Hit Assessments (1 week). Need expert guidance or an outside view? The quick hit assessment is designed to review your current security posture, define your security strategy and put a plan in place to define and meet goals over the next several years. This assessment completes within a single week and provides you the confidence you need to plan out your overall strategies.