Due Diligence in Cybersecurity is one of the most important aspects of M&A.
On the sell side: Firms should take every effort to ensure they are in solid shape from an information security perspective before being offered for sale or seeking growth investment. Review and pre-sale diligence can make a massive difference in how well your firm will be valued.
On the buy side: Buyers should pay particular attention to how well the target understands their digital risks and how well they are governing their risk mitigation efforts. External and independent verification and validation of security policies and practices should include a review of the technical architecture, as well as the degree that the target is complying with appropriate compliance regimes.
Strategically, the acquisition of cybersecurity technology firms is also an art requiring assessment of how unique the capability is and how much in demand it will be in the market.
All of this is best done with and experienced team.
Crucial Point’s due diligence team provide the background, experience and knowledge organizations require for pre-merger or pre-acquisition analysis of target company enterprises, processes and infrastructure.
Our experienced enterprise CTOs know what to look for and how to report it and can provide the assessments required to rapidly integrate the target company into your enterprise. We do so while finding balance in respect for the target company mission needs and the efficiencies required post-merger.
Questions/comments/suggestions? Please contact us for more information.
Additional Due Diligence Information:
- Crucial Point Due Diligence Services: A summary of our offerings
- Our Technology Due Diligence Process: Our core processes
- Due Diligence in Cybersecurity: Experience Matters
- Due Diligence in Defense, Intelligence and National Security: A specialty
- IT Due Diligence: Analyze target company IT infrastructures, processes and people
- CTO Consultants for Technology Due Diligence: A key focus area for Crucial Point
- How to Find and Select a Due Diligence Firm: Tips from the Crucial Point team
OODA LLC: Put our team of experts on your side
Crucial Point is now part of OODA LLC. OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. We are a global strategic advisory firm with deep DNA in global security, technology, and intelligence issues. OODA offerings include: Security Services including CISO-as-a-Service We live in…
Announcing OODA LLC: Helping clients identify, manage, and respond to global risks and uncertainties
We have some exciting news to announce. We are now part of OODA LLC. If you have a background in cybersecurity or the military or are a student of decision theory you can probably tell our company name is meant to honor one of the greatest warrior thinkers of the modern age, Air Force Colonel John Boyd. Boyd was an…
Updated Cybersecurity Best Practices
We capture lessons we learn in helping clients continually improve their cybersecurity posture. We also track adversary behaviors on a daily basis at ThreatBrief.com and capture lessons learned and shared from across the community. We maintain a succinct list of these best practices for your reference. Find them at The Crucial Point Guide to Cybersecurity Best Practices. Reducing digital risk…
Leveraging The FFIEC Cybersecurity Assessment Tool (CAT) To Improve Corporate Culture and Raise Security Posture
You know compliance does not equal security. We wonder if the folks who write all these compliance rules believe that, but we know you know it. Still, if you do it right, you can use compliance reviews and evaluations to help you reduce risk. The art form is to find balance. You have to make sure you comply but do…
Complying With The GDPR: Easier with a CTO on your side
If you interact with companies in Europe or hold data on any EU citizen you must comply with the European Union’s (EU) General Data Protection Regulation (GDPR). It much easier to do that with an experienced CTO on your side. For a good update on the GDPR see: EUGDPR.org The GDPR is the most important change in data privacy regulation…
Technology Due Diligence for Mergers and Acquisitions Now Requires Cybersecurity Assessment
Historically due diligence assessments before Mergers & Acquisition (M&A) transactions have focused on traditional risk areas that could pose a significant financial risk, like issues of tax, employment, compliance with regulatory environments, intellectual property protection, and of course contracts. Now that technology is a part of every firm’s business model things have changed. Cybersecurity has become part of every M&A…
The Cost Of Cyber Crime Is Growing: Apply economical mitigation strategies to protect your business
In cybersecurity it is hard for stakeholders to get a picture of the full impact of cybercrime. Two reports this week are the latest to take a crack at it. One of the reports is from McAfee in collaboration with the Center for Strategic and International Studies (CSIS). It shows that cybercrime currently costs the global economy a startling $600 billion annually,…
Guest Post At WhiteHawk: The Most Important Factor in Addressing your Organization’s Cyber Risk
Crucial Point founder and CTO Bob Gourley published a guest editorial at WhiteHawk.com on the topic of organizational cyber risk mitigation. This post, based on years of operational experience, begins: Over the last two decades I have participated in cyber risk assessments across many economic sectors, including in government, the military, healthcare, pharmaceuticals, aviation, defense, manufacturing, and finance. I’ve had…
The Cyber Threat: Best selling cyber intelligence book updated for 2018
The Cyber Threat, the bestselling book from pioneer of cyber threat intelligence Bob Gourley, has now been updated for 2018. The book provides up to date insights into the threat actors in cyberspace including their history and current tactics. The book is full of information of use to executives in multiple sectors of the economy. Bob Gourley was the first…
Crucial Point LLC Founder and CTO Bob Gourley Named To List Of Top Data Miners
Crucial Point founder and CTO Bob Gourley has been named one of the top data miners by Import.io, the platform for web data extraction and use. From the report: In the blossoming world of big data, the data miner is king. Although your own business may already see the value in data, it’s more difficult to understand how to data mine for…
CTOvision One Of The Best IT Blogs 2018: Must-Read Resources for CIOs, IT & Security Pros
CTOvision, the blog focused on enterprise technologists, has been named as one of the best IT blogs for 2018 by VertitechIT. Information Technology. Sometimes we get so focused on the bits and bytes side of the equation we forget about the information part. When it comes right down to it, IT is all about using technology to inform, to communicate,…
Trump signs bill to modernize government IT and cybersecurity
On Tuesday, US president Donald Trump signed the 2018 National Defense Authorization Act (NDAA) into law, which contains a provision that could force the federal government to upgrade its out-of-date IT systems. The Modernizing Government Technology (MGT) Act was enacted as part of the NDAA, but it is facing some roadblocks from Congress. The MGT Act creates a $500 million fund over…
Featured in TheCipherBrief: Companies Need to ‘Think Twice’ Before Retaliating Against Hackers
Bob Gourley is a member of TheCipherBrief.com’s cyber advisory board. The following provides his context on key cybersecurity policy issues of interest to the technology and business community. From: Companies Need to ‘Think Twice’ Before Retaliating Against Hackers The Cipher Brief: When organizations are targeted with cyber attacks, are they able to respond by hacking back – to either retrieve their…
The Automotive Cyber Security Summit: October 25-27 Fremont California
The Automotive Cyber Security Summit is for practitioners in the automobile industry who are working to predict and mitigate both current and future risks due to technology. The event brings together experts from across the auto industry, including manufactures, designers and providers of on-demand services and autonomous vehicles. For more see: Automotive Cybersecurity Summit
The Government Won’t Protect Your Internet Privacy, So Here Is How To Do It Yourself
“Stealing personal information is much easier if all that data is aggregated,” says Bob Gourley, co-founder of Cognitio Corp, a firm that does security consulting, and former Chief Technology Officer of the Defense Intelligence Agency.
Using advanced tracking tools, artificial intelligence, and botnets, a malicious actor could “learn if an individual is going to be out of town at a certain time,” explains Gourley. Similarly, access to personal-finance and medical information could help would-be criminals commit fraud later on.
Bob Gourley on cutting edge tools debuting at RSA
RSA is always a great place to learn the latest technology, tools and procedures for enterprise grade cyber defense.
CTOvision named to FedTech’s list of 50 Must-Read Federal IT Blogs
We were honored again to have our CTOvision blog named to FedTech’s list of 50 must-read federal IT Blogs. From FedTech’s intro to the list: It was a whirlwind year in the world of federal IT, with the White House, Office of Management and Budget, and many agencies focused on cybersecurity, IT modernization, data center closures and optimization, and cloud adoption. Sometimes,…
How the cyber SWAT team tackles the biggest crises (Bob Gourley Comments)
The elite group that works with FBI investigators and DHS is tasked with stopping the threat; Catherine Herridge has the story for ‘Special Report’. Context from Bob Gourley. For more see: FoxNews
What you can do to mitigate the threat of DDoS attacks
The recent DDoS attacks on corporate networks have impacted businesses, their clients and individuals. In this special edition of QSights, cyber risk-reduction experts, Cognitio, provide steps organizations can take to help prevent an attack, to ensure their internal network cannot be used as a platform to attack others and to determine if the right plans are in place to mitigate…
Despite privacy concerns, Microsoft calls Windows 10 ‘the most secure version of Windows’
“Over the last two years we have seen ransomware evolve to the point where it can come in from multiple paths, spread throughout an enterprise and backup holdings while remaining covert to standard detection, and then lock down files all at once causing an enterprise-wide crisis,” Gourley said. “What was once seen as a joke is now one of the…