Cybersecurity Maturity Assessment

Our Five Phase Methodology:


We engage with your key stakeholders and collect relevant documentation to understand your business context, goals, challenges, and expectations.


We perform a detailed analysis of your cybersecurity program using a maturity model that aligns with internationally recognized frameworks such as NIST CSF, ISO 27001, or CIS Controls. We assess your current maturity level for each domain and subdomain of the model and provide evidence-based findings and recommendations.


We deliver a comprehensive report that summarizes the results of the assessment, highlights your strengths and areas for improvement, and provides actionable recommendations to increase your cyber security maturity. We also provide a roadmap that outlines the steps and resources required to implement the recommendations.


We present the report to your key stakeholders and facilitate a discussion on the findings and recommendations. We also provide guidance and support for any follow-up questions or requests.



Our maturity assessment can integrate bolt-on components from our CyberStreet Law and CyberStreet DPO services to give you a truly 360° view over your digital risks along with appropriate mitigations.

Contact Us

If you would like to book a consultation or have any questions about our services and how they would be of benefit to you, please do not hesitate to get in touch.


Our Cybersecurity Maturity Assessment is a service that helps you evaluate your current cybersecurity posture and identify areas for improvement. It is a comprehensive and systematic process that covers all aspects of your cybersecurity program, such as governance, risk management, policies and procedures, technical controls, incident response, awareness and training, and compliance.

The Benefits:

  • Benchmark your cybersecurity performance against key industry best practices and standards
  • Identify gaps and weaknesses in your cybersecurity strategy and capabilities
  • Prioritize and plan actions to enhance your cybersecurity resilience and maturity
  • Demonstrate your commitment to cybersecurity to your stakeholders, customers, and regulators



One-off baseline assessment incorporating 3 hours on-site or remote, spread across a single session or multiple sessions with your key stakeholders

Production of a high-level report setting out gaps observed and a recommended roadmap to improve your cybersecurity posture


On-site or remote assessment, minimum of 1 full day

Gap analysis report against common UK cyber security industry management standards (including Cyber Essentials, IASME Cyber Assured and ISO 27001)

Implementation Roadmap for remedying highlighted risks


All GOLD Package features

Assistance with Implementation Roadmap incorporating an additional 6 hours of dedicated CyberStreet support. This can be used in a variety of ways e.g., review of assessment findings with your key stakeholders, hands-on support with implementing improved processes and procedures, etc.

Bolt-On Services

CyberStreet DPO Services

Such as a stand-alone privacy audit: Contact us for quote (15% discount on our usual fees)

CyberStreet Law

Summary legal review of cybersecurity maturity assessment under UK GDPR/DPA 2018 £POA (incorporating 15% discount)

Cybersecurity Consultancy Hourly Support

£225/hour (incorporating 10% discount)

Penetration Testing

CyberStreet has partnered with IT Governance to provide a comprehensive penetration testing solution. More details about penetration testing are provided below. If you would like a quote, contact us for a solution designed for your business.

What is penetration testing?

Penetration testing (often simply called “pen testing” or “ethical hacking”) is an effective method of determining the security of your networks and web applications, helping your organisation identify the best ways of protecting your assets. Understanding the vulnerabilities you face enables you to focus your efforts, rather than employing broad methods that may require heavy investment without a guarantee that your specific vulnerabilities are being addressed.

An experienced penetration tester can mimic the techniques used by criminals while ensuring that no damage is caused. These tests can also be conducted outside business hours or when networks and applications see the least use, minimising the impact on everyday operations. The penetration tester provides a report that details any identified vulnerabilities (and where possible, demonstrates proof of concept) and offers advice on how to mitigate them.

Different Types

From a technology-based perspective, there are two core types of penetration testing, each representing a different aspect of your organisation’s logical perimeter.

  • Network tests focus on access to servers, reviewing firewalls, assessing Wi-Fi, and so on, looking for holes in the network.
  • Web application tests generally focus on vulnerabilities in input fields and user access – looking for SQL injection or cross-site scripting (XSS) opportunities, insecure session management, and so on – that an attacker could use to gain access to data or internal systems.


These vulnerabilities are open to potentially devastating attacks such as SQL injection, while apparently benign error pages can provide attackers with enough information to exploit a less obvious and much more harmful vulnerability.

A penetration tester might identify a dangerous combination of vulnerabilities that appear harmless or negligible when considered individually. Criminal hackers deliberately seek out such things, usually with automated tools.

Unpatched software also poses a significant threat to networks, as it often contains publicly documented vulnerabilities. For instance, there might be a flaw in the way an application handles user input that lets the criminal insert malicious commands, or an error in how connections are handled resulting in a denial of service. The popularity of such software is what makes it a target: the more prevalent the software, the larger the pool of targets that have not patched the vulnerability. Automated scripts are often available that allow cyber criminals to scan the Internet for potential targets with these vulnerabilities – WannaCry and BlueKeep are examples of large-scale attacks conducted in this manner.

Benefits of Penetration Testing

  • In addition to avoiding the hefty costs and penalties of a data breach, penetration testing can improve an organisation’s revenues by highlighting redundant services, inefficient processes, and so on.
  • Penetration testing is also required by a number of regulatory standards and compliance schemes, so having an established testing programme not only streamlines compliance but also makes the whole process part of business as usual. The Payment Card Industry Data Security Standard (PCI DSS), for example, requires regular penetration tests to prove – and improve – the security of cardholder data.
  • Having a penetration testing programme – with demonstrable proof that your organisation has responded to the results appropriately – is a powerful indicator that you take information security seriously. For organisations with contractual requirements to prove their information security credentials, a penetration testing programme is an excellent resource.

Our penetration testing services

Vulnerability Scanning

  • Fast, fully automated front-line defence against cyber criminals and nation-state attackers.
  • Low-cost, high-value, on-demand, do-it-yourself solution.
  • Quickly identify exploitable vulnerabilities and misconfigurations in your websites, applications, and infrastructure.
  • Find more than 50,000 known vulnerabilities, such as misconfigured firewalls or unpatched software.
  • Rerun scans as required to confirm successful remediation.
  • Run unlimited monthly scans to ensure your infrastructure patches are up to date.
  • Give customers confidence by displaying the 'Scanned by IT Governance’ badge on your website.
  • CREST-approved scanning service developed by our CREST-accredited security team.

Web Application

This Web Application Penetration Test contains a mix of advanced manual testing techniques and automated scans to simulate real-world attacks to identify risks within your web applications. It will assess:

  • Authentication
  • Authorisation
  • Session management
  • Input validation and sanitisation
  • Server configuration
  • Encryption
  • Information leakage
  • Application workflow
  • Application logic

External Infrastructure

An external network penetration test is used to detect vulnerabilities and security issues in a network that could be exploited by criminal hackers.

It involves identifying vulnerabilities, attempting to exploit them, and providing a report with risk and remediation advice. External network penetration tests use advanced techniques and automated scans to identify risks within a business by simulating real-world attacks. They cover:

  • Secure configurations
  • Network traffic
  • Secure passwords
  • Patching
  • Secure authentication
  • Encryption
  • Information leakage

Internal Infrastructure

An insider is anyone with access to organisational applications, systems and data, such as employees, contractors or partners.

The target is typically the same as an external penetration test, but relies on some sort of authorised access or starts from a point within your network.

Our internal network test will assess specified internal-facing network devices, using both automated scans and advanced manual testing techniques to assess your security and identify vulnerabilities. It covers:

  • Secure configurations
  • Network traffic
  • Secure passwords
  • Patching
  • Secure authentication
  • Encryption
  • Information leakage

Wireless Network

Wi-Fi can provide opportunities for attackers to infiltrate your organisation’s secured environment – irrespective of security access controls.

Penetration testing can help identify weaknesses in your wireless infrastructure. It involves:

  • Identifying vulnerabilities in the wireless infrastructure;
  • Safely exploiting any identified vulnerabilities; and
  • Providing a report that contains an ordered list of issues, their associated risk, and remediation advice for identified vulnerabilities.

It uses both advanced manual testing techniques and automated scans to simulate real-world attacks to identify risks within your organisation, and covers:

  • Segmentation
  • Leakage
  • Secure authentication
  • Rogue access point detection
  • Client isolation
  • Secure configurations

Simulated Phishing Attack

This service assesses your staff’s awareness of phishing threats by simulating phishing emails that can range from unsophisticated to a highly targeted campaign. We will capture a wide range of statistics to help evaluate your employees’ awareness. These will be detailed in a report that also identifies business and technical risk and advises on how to improve staff awareness.

Entirely bespoke to your needs, this test will allow you to define:

  • The type of attack you wish to deploy to your employees;
  • Who the targets should be; and
  • What metrics you would like to measure.

We will design and build the attack based on your requirements. This usually involves setting up a domain from which to send the phishing email, which may be designed to closely resemble one of your own domains, developing a template to mimic your organisation’s email templates or those of trusted suppliers, building web pages for phishing emails to direct to, and so on.

Remote Access

Our Remote Access Penetration Test combines a web application and infrastructure test.

Performed remotely, it assesses your externally facing remote access solutions, looking for:

  • Inadequate/insecure authentication;
  • Weak configurations;
  • Default settings; and
  • Outdated software and patching levels.

Remote Compromise

Our Remote Compromise Penetration Test will identify:

  • Weak configurations (e.g. default settings);
  • Outdated software and patching levels;
  • Insecure authentication;
  • Weak permissions; and
  • Means of bypassing antivirus software.

Penetration Testing Methodology

1. Scope & definition

We undertake a scoping session with you to identify an effective testing strategy

2. Reconnaissance

We gather key security information to apply to the scoped project

3. Vulnerability Analysis

Using a mixture of automated and manual processes, we’ll identify vulnerabilities within the scoped systems, assets and processes

4. Exploitation

Our penetration testers will test your infrastructure carefully, without disrupting your business. After exploitation, we clean up any scripts we have used

5. Reporting

Our specialist tester(s) will produce a report incorporating our findings. You’ll have the opportunity to run through these in a call, where you can ask questions and assess the implications of the results.

Price: £POA

We offer flexible and affordable packages that suit your business goals and requirements.

We believe that cyber security, tech law and data privacy are not separate issues, but interrelated and interdependent aspects of doing business online. That's why we offer a holistic approach that covers all three areas, from risk assessment and mitigation to legal compliance and advice, to data protection and governance.

Contact Us

If you are interested in our cybersecurity maturity assessment service or want to learn more about it, please contact us today. We would be happy to discuss your needs and expectations and provide you with a free quote.
