Security Assessments

Start with a clear picture of where you stand.

FCI assesses your firm's current security posture — identifying gaps, vulnerabilities, and exposure across four dimensions. Whether you're preparing for an exam, renewing insurance, or simply need to know — this is where it starts.

30+

years serving financial services

400+

firms assessed

4

assessment dimensions

Why It Matters

Every firm has a security posture. Most don't know what theirs actually looks like.

Regulators

Expect current vulnerability scans, penetration test results, and documented cybersecurity policies. If those don't exist or are stale, it's an immediate problem.

Cyber Insurance Carriers

Ask the same questions — and denial rates are climbing for firms that can't demonstrate their security posture at renewal time.

Home Offices

Pushing branch compliance — requiring sales offices to produce evidence of controls, not just attest that they exist.

The Firm

Most firms don't have a clear picture of their posture until someone asks for one — and by then the timeline is already running.

FINRA SEC NAIC State Regulators Cyber Insurance

Four Assessment Dimensions

A complete view of your firm's security posture.

FCI assesses firms across four dimensions. Each targets a different part of the environment and produces its own findings and evidence.

Gap Analysis

30 minutes · Free · No commitment

Network Pen Testing & Vulnerability Scan

Internal network · Endpoints · Exam-ready evidence

Public-Facing Assessment

DNS · Web properties · IP addresses

Cloud App Assessment

Microsoft 365 · AI tools · Cloud apps and services

Dimension 1

Gap Analysis — the starting point for every engagement.

What's In Place

FCI reviews the firm's current controls — endpoint protection, email security, MFA, backup, policies — and maps them against what regulators and insurers expect to see.

What's Missing

The gap analysis identifies what your next exam, insurance renewal, or home office review will look for — and what the firm doesn't have today.

No Preparation Required

The firm doesn't need to prepare anything in advance. FCI walks through the assessment on a 30-minute call and provides the findings.

No Commitment

The gap analysis is free. The firm receives the findings and decides what, if anything, to do next. No obligation, no sales pressure.

Free

no cost

30 min

video call

Zero

commitment required

Dimension 2

Network Pen Testing & Vulnerability Scan

Penetration Testing

Simulated attack scenarios against the internal and external network to identify exploitable weaknesses before a real attacker does.

Vulnerability Scanning

Automated discovery of missing patches, outdated software, and misconfigurations across every endpoint in the environment.

Exam-Ready Evidence

Report formatted for direct submission to FINRA, SEC, state regulators, and cyber insurance carriers — not a raw scan dump.

Severity Ranking

Every finding ranked critical, high, medium, or low — with specific remediation recommendations the firm can act on.

Dimensions 3 & 4

Public-Facing Assessment & Cloud App Assessment

Public-Facing Assessment

External scan of your firm's internet-facing attack surface — DNS, web properties, email configuration, and exposed services. What the outside world can see about your firm.

Cloud App Assessment

Configuration review of Microsoft 365 and key cloud apps and services — identifying misconfigurations, excessive permissions, and policy gaps that could expose data or create compliance issues.

DNS & Email

Records, SPF/DKIM/DMARC, exposed mail configuration

Web Properties

Forgotten subdomains, open ports, exposed services

IP Addresses

Everything visible from the outside about the firm

Microsoft 365

Tenant configuration, sharing settings, security defaults

AI Tools

Copilot, third-party AI access, data exposure risks

Cloud Apps and Services

Overprivileged accounts, misconfigured sharing, policy gaps

The Process & the Report

Four steps — and a remediation window that produces a clean final report.

01 Initial Assessment — FCI runs the tools across the scoped dimensions. The firm provides access; FCI does the technical work.
02 Findings & Draft Report — draft with severity rankings and remediation recommendations. The firm sees what was found before anything is finalized.
03 Remediation Window — firm fixes what was surfaced. FCI can help on request, scoped separately. This is what keeps the final report clean.
04 Second Assessment & Final Report — FCI re-runs against the remediated environment; report reflects current posture, not open issues.

What's in the Final Report

Vulnerability Findings

Severity-ranked with remediation recommendations and confirmation of what was resolved

Penetration Test Results

External and internal — what was tested, what was found, what was remediated before final delivery

Configuration Review

Cloud and endpoint policy gaps identified — and corrections verified before the final scan

Executive Summary

Concise overview for leadership — framing remediated posture, not a list of open issues

Who Needs This

Assessments fit into every stage of a firm's security lifecycle.

Exam Preparation

FINRA, SEC, or state exam is coming — you need current evidence

Cyber Insurance Renewal

Carrier is asking about your posture — FCI provides the documentation

Home Office Requirements

Branch offices demonstrating compliance to their broker-dealer or carrier

Post-Incident Readiness

After an incident, regulators ask for your last assessment — if it doesn't exist, it's a problem

New Firm Onboarding

Joining a new home office — establish a baseline from day one

Annual Security Review

Regular assessment on a cadence that matches your regulatory cycle

Getting Started

Start with the gap analysis — it costs nothing and commits you to nothing.

Free

no cost

30 min

video call

Zero

commitment required

No Preparation

FCI walks the firm through what controls are in place and what's missing. The firm doesn't need to prepare anything.

All Three Markets

Broker-dealers & branch offices, insurance carriers & agencies, and RIAs. Same process, tailored to the regulatory environment.

Clear Outcome

A picture of where the firm stands today, plus scoped recommendations if additional assessment work is needed.

No Obligation

The firm receives the findings and decides what, if anything, to do next. No pressure, no commitment required.

Ready to find out where your firm stands?

FCI works with broker-dealers and branch offices, insurance carriers and agencies, and RIAs. The gap analysis is free — call to schedule.

Phone 973-227-8878

Web fcicyber.com