Cybersecurity Assessments
KYCRI provides no-cost cybersecurity assessments for Kentucky county and local governments, critical infrastructure operators, and their managed service providers. Our team identifies vulnerabilities, evaluates your defenses, and delivers actionable recommendations, all at no charge to your organization.
Request an AssessmentAssessment Types
White Box
Full knowledge. KYCRI receives complete network documentation, credentials, and diagrams upfront.
Grey Box
Partial knowledge. KYCRI receives limited info like IP ranges. Balances thoroughness with realism.
Black Box
Zero knowledge. KYCRI has no prior information. Simulates a real external attacker.
How It Works
From first contact to final report, here is what to expect at every stage of a KYCRI cybersecurity assessment.
Initial Meeting & Scoping
KYCRI meets with your organization to understand your goals, concerns, and security priorities. Your team selects an assessment type and completes a scoping questionnaire detailing your network environment. Work with your MSP as needed.
Your Organization
Select assessment type, complete scoping questionnaire, identify on/off-limits systems
KYCRI
Facilitate meeting, explain assessment options, provide scoping questionnaire
Initial Meeting & Scoping
KYCRI meets with your organization to understand your goals, concerns, and security priorities. Your team selects an assessment type and completes a scoping questionnaire detailing your network environment. Work with your MSP as needed.
Your Organization
Select assessment type, complete scoping questionnaire, identify on/off-limits systems
KYCRI
Facilitate meeting, explain assessment options, provide scoping questionnaire
Documentation & Rules of Engagement
KYCRI drafts an NDA and MOU, then reviews your scoping documentation. From this, KYCRI creates the Rules of Engagement (ROE), which strictly outlines what is and is not permitted during the assessment. All documents are sent for your signature.
Your Organization
Review and sign NDA/MOU
KYCRI
Draft NDA, MOU, and ROE based on scoping documentation
Documentation & Rules of Engagement
KYCRI drafts an NDA and MOU, then reviews your scoping documentation. From this, KYCRI creates the Rules of Engagement (ROE), which strictly outlines what is and is not permitted during the assessment. All documents are sent for your signature.
Your Organization
Review and sign NDA/MOU
KYCRI
Draft NDA, MOU, and ROE based on scoping documentation
ROE Review & Finalization
KYCRI and your organization meet to review the Rules of Engagement in detail. This ensures everything aligns with your needs. The ROE is refined as necessary, then sent for final signature.
Your Organization
Review ROE, request any changes, sign finalized document
KYCRI
Present ROE, incorporate feedback, finalize for signature
ROE Review & Finalization
KYCRI and your organization meet to review the Rules of Engagement in detail. This ensures everything aligns with your needs. The ROE is refined as necessary, then sent for final signature.
Your Organization
Review ROE, request any changes, sign finalized document
KYCRI
Present ROE, incorporate feedback, finalize for signature
Pre-Assessment Site Visit
KYCRI conducts an in-person meeting at your location to understand the physical network environment, identify a workspace for the onsite assessment, and coordinate logistics.
Your Organization
Provide site access, designate workspace, coordinate with IT staff
KYCRI
Survey environment, confirm logistics, finalize onsite plan
Pre-Assessment Site Visit
KYCRI conducts an in-person meeting at your location to understand the physical network environment, identify a workspace for the onsite assessment, and coordinate logistics.
Your Organization
Provide site access, designate workspace, coordinate with IT staff
KYCRI
Survey environment, confirm logistics, finalize onsite plan
Onsite Assessment
KYCRI conducts the assessment onsite at your organization. The team gathers data, runs scans, and identifies vulnerabilities across your network environment, all strictly within the agreed-upon scope.
Your Organization
Provide access as outlined in ROE, designate a point of contact
KYCRI
Execute assessment within scope, document all findings
Onsite Assessment
KYCRI conducts the assessment onsite at your organization. The team gathers data, runs scans, and identifies vulnerabilities across your network environment, all strictly within the agreed-upon scope.
Your Organization
Provide access as outlined in ROE, designate a point of contact
KYCRI
Execute assessment within scope, document all findings
Report Development
KYCRI compiles all findings into comprehensive reports including an executive summary for leadership and detailed technical reports with actionable remediation steps.
Your Organization
None. KYCRI handles this phase
KYCRI
Build executive summary and technical reports with remediation guidance
Report Development
KYCRI compiles all findings into comprehensive reports including an executive summary for leadership and detailed technical reports with actionable remediation steps.
Your Organization
None. KYCRI handles this phase
KYCRI
Build executive summary and technical reports with remediation guidance
Final Briefing & Report Delivery
KYCRI presents the final report and conducts an in-person briefing covering all findings, risk levels, and recommended actions. Time is reserved for questions.
Your Organization
Attend briefing, ask questions, plan remediation
KYCRI
Present findings, deliver reports, answer questions
Final Briefing & Report Delivery
KYCRI presents the final report and conducts an in-person briefing covering all findings, risk levels, and recommended actions. Time is reserved for questions.
Your Organization
Attend briefing, ask questions, plan remediation
KYCRI
Present findings, deliver reports, answer questions
Data Sanitization & Ongoing Support
After 30 days, KYCRI sanitizes all machines and removes any sensitive data collected during the assessment. The team remains available to support your organization as you implement fixes.
Your Organization
Begin implementing remediation steps
KYCRI
Sanitize all assessment data, provide ongoing support as needed
Data Sanitization & Ongoing Support
After 30 days, KYCRI sanitizes all machines and removes any sensitive data collected during the assessment. The team remains available to support your organization as you implement fixes.
Your Organization
Begin implementing remediation steps
KYCRI
Sanitize all assessment data, provide ongoing support as needed
Ready to Get Started?
Reach out to the KYCRI team to schedule your initial meeting. There is no cost and no obligation. We are here to help Kentucky organizations strengthen their cyber defenses.
Contact Us