Cyber Due Diligence
Understand the security level of a potential merger or acquisition entity, and how this may impact the security level of your organization in a Merger & Acquisition (M&A) process.
Before a merger or an acquisition, it is imperative to identify the current security level of the merged or acquired entities, to ensure that any security debt is identified and understood. With Improsec’s Cyber Due Diligence, the potential merger or acquisition entity is assessed with a risk-based approach, that will aim to identify security issues that pose the highest risk to your organization.
Product
The deliverable of a due diligence analysis is a written red flag report containing the following:
Observations on the company security setup are flagged according to criticality and risk.
A more detailed outline of the current cyber security state within the organization.
The analysis is designed to consider the sector and complexity of the company. i.e. the expected security state
Value
Increase transparency in how your company handles cyber security and boost attractiveness in an M&A process
Identify the current security level of merged or acquired entities
Describe security issues that pose the highest risk to your organization and that might have an impact on the transition process
Method
A Cyber Security Due Diligence focuses widely instead of narrowly – resulting in an understanding of the overall security level of the entirety of the organization. Our analysis is based on guidelines from CIS, ISO27x, NIST, and other recognized best-practice security standards. The concluding security state is assessed based on a combination of documentation, meetings, and interviews involving representatives of IT Management as well as IT Specialists. In addition, relevant technical tests are conducted on critical parts of the IT infrastructure, selected networks, systems, and data.
Involvement
Through a close dialogue we will, together, agree on scope and content.