Security Assessment
We offer our clients a range of cybersecurity services, including security testing, security assessment, and security development. With our services, you can ensure the cybersecurity of your organization and continue growing in the digital world.
Microsoft 365 Security Assessment
The purpose of the security assessment is to evaluate the current state of security in your cloud service and to ensure that the environment is configured with up-to-date and essential security settings.
What’s included in the service?
- Kick-off meeting (1 hour)
- Microsoft 365 Security Assessment
- Report and result matrix
- Final meeting (1 hour)
The Microsoft 365 cloud environment is reviewed using the CIS Microsoft 365 Benchmark Level 1 and Level 2 guidelines as applicable, taking into account best practices, the licenses in use, and the services and license tiers suitable for the assessment.
Assessment areas
- Access Control
- Configuration Management
- Identification and Authentication
- Data Protection & Policies
The following M365 services are included in the assessment
- Microsoft 365 Admin Center
- Microsoft 365 Defender
- Microsoft Purview
- Microsoft Entra Admin Center
- Exchange Admin Center
- Microsoft Teams Admin Center
Information and actions required from the client
For the assessment, user accounts must be created for our specialists in the client’s Microsoft environment, and these accounts must be granted sufficient read access to the necessary services.
Benefits of the assessment for the client
The security assessment provides a clear overview of your Microsoft 365 environment’s security, helps identify and minimize risks, ensures compliance, and delivers concrete recommendations to improve your protection level
Midaxo
“Yhteistyö Braveson Oy:n kanssa sujui erinomaisesti. Saimme asiantuntevan arvion Microsoft 365 -ympäristömme tietoturvasta sekä konkreettisia suosituksia sen vahvistamiseksi.
Bravesonin selkeä viestintä, meidän tarpeiden huomioiminen sekä käytännönläheinen työote tekivät yhteistyöstä sujuvan ja hyödyllisen.”
Aki Hänninen
CISO, Midaxo Oy
AWS security assessment
The purpose of the security assessment is to evaluate the current state of security in your cloud service and to ensure that the environment is configured with up-to-date and essential security settings.
What’s included in the service?
- Kick-off meeting (1 hour)
- AWS Security Assessment
- Report and result matrix
- Final meeting (1 hour)
The assessment is based on:
- CIS AWS Foundations Benchmark Level 1 and Level 2 (as applicable)
- AWS best practices and recommendations (Well-Architected Framework)
- The client’s services in use and architecture-specific details
Assessment areas
- Access Control
- Configuration Management
- Identification and Authentication
- Data Protection & Policies
The following AWS services are included in the assessment
- IAM Access Analyzer
- AWS Config
- AWS CloudTrail
- AWS CloudWatch
- AWS Simple Notification Service (SNS)
- AWS Simple Storage Service (S3)
- Elastic Compute Cloud (EC2)
- Relational Database Service (RDS)
- AWS Identity and Access Management (IAM)
Information and actions required from the client
For the assessment, audit accounts must be created for our specialists in the client’s AWS environment, and these accounts must be granted sufficient read access to the necessary services.
Benefits of the assessment for the client
The assessment provides a clear overview of the security posture of your AWS environment. It helps identify and minimize risks, meet compliance requirements, and offers concrete recommendations for improving your security level.
We also conduct security architecture reviews for AWS environments, regardless of the services in use. Contact us to learn more!
Also check out our security testing services.
Cyber Meter
Developed by the Finnish National Cyber Security Centre, the Cyber Meter helps improve the ability of companies, organizations, and society as a whole to defend against cyber threats. It provides management and cybersecurity professionals with a concrete tool for better handling of cyber risks.
What’s included in the service?
- Kick-off meeting (1 hour)
- Cyber Meter assessment and workshops
- Reporting
- Final meeting (1 hour)
The assessment is conducted using the Cyber Meter tool. Various areas of the organization and its cybersecurity capabilities are evaluated based on the measurement criteria of the Cyber Meter. The results are thoroughly analyzed and reported, including a summary of the current state and recommendations for improvement actions.
When presenting the Cyber Meter on a website, it must be stated in accordance with Traficom’s guidelines:
“Kybermittari is a registered trademark of Traficom”
Information and actions required from the client
- Participation of the client’s specialists in the workshops (3–5 sessions)
- Delivery of any relevant documentation for review and assessment
- Preferably, one of the workshops will be held on-site at the client’s premises
Benefits of the service for the client
- Improved visibility into the organization’s cybersecurity posture
- Maturity level assessment and planning of development actions
- Shared understanding between management and cybersecurity professionals
- Systematic improvement of monitoring and reporting
Price starting from €4000–7000 (VAT 0%). Request a quote!
OWASP ASVS assessment
The OWASP ASVS assessment is based on application security best practices and standardized checkpoints. We evaluate the security of your application across three levels of assurance (Level 1–3), tailored to your needs and the application’s risk profile.
What’s included in the service?
- Kick-off meeting (definition of objectives and targets)
- Assessment based on documentation and/or practical testing
- Reporting of findings, risk level evaluation, and development recommendations
- Final meeting and planning of next steps
Key Assessment Themes:
- Authentication and Access Control
- Session Management
- Data Protection and Encryption
- Error Handling and Logging
- Application Architecture and Configuration
- Interfaces and External Services
Information and actions required from the client
- Access to the documentation and/or test environment of the application to be assessed
- Appointment of a contact person for coordinating the assessment
- User or test accounts for the application, if needed
Benefits of the assessment for the client
- Your application’s security level is systematically assessed according to industry standards
- Critical vulnerabilities are identified and can be addressed before exploitation
- You strengthen customer and stakeholder trust in your security posture
- Supports compliance with regulations such as GDPR and other relevant frameworks
What is the OWASP Application Security Verification Standard (ASVS)?
“The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.”
Version 4.0.3 of OWASP ASVS Level 2 includes a total of 286 requirements, with Level 2 covering 255 of them. Level 2 is intended for applications that handle sensitive data and require enhanced protection. It includes broader and more thorough security requirements than Level 1.
Current state security assessment
In the current state security assessment, we take a comprehensive look at your organization’s cybersecurity posture in relation to best practices, relevant requirements, and your business objectives.
What’s included in the service?
- Kick-off meeting and scoping of the assessment
- Current state analysis (review of documentation and environments, interviews)
- Reporting and actionable recommendations
- Final meeting and planning of next steps
Assessment areas
- Risk Management and Security Policies
- Access and User Management
- Data Protection and Encryption Practices
- Network and Endpoint Security
- Logging and Monitoring
- Staff Cybersecurity Awareness
Information and actions required from the client
- Access to cybersecurity-related documentation and process descriptions
- Appointment of a contact person for coordinating the assessment
- Ability to arrange necessary interviews and reviews
Benefits of the assessment for the client
- A clear overview of your organization’s cybersecurity posture
- Identification of risks and areas for improvement before serious incidents occur
- A concrete and prioritized action plan for enhancing security
- Improved readiness to meet legal and contractual requirements (e.g., GDPR, ISO 27001, NIS2)
Price: Starting from €4500 (VAT 0%)
In our security assessments, we apply relevant standards and frameworks, including:
- ISO 27001, NIS2, CRA, DORA
- NIST Cybersecurity Framework
- IEC 62443, 81005-2-1
- CIS Benchmarks
- Cloud Security Alliance Cloud Controls Matrix
- OWASP ASVS, MASVS, Top 10
Didn’t find the right service?
Do you need a customized security assessment? We perform comprehensive, technology-agnostic security evaluations for various systems, applications, and organizations. Each assessment is tailored to your specific needs, risk profile, and business context—whether it’s a single application, the entire IT environment, or critical business processes.
Who Is This Service For?
- Companies and organizations with special requirements or complex environments
- Industries where traditional assessment models are not sufficient
- Projects that require combining multiple assessment targets (e.g., cloud services, applications, internal networks)
Get in touch and let’s design a security assessment that fits your organization perfectly!