Cyber Hygiene Assessments
A tiered, onsite security health check for SMBs. Each package scales from a quick checkup to an executive-level resilience program—priced to be accessible and inclusive of travel for non-local clients. Our approach favors safe, read-only reviews and open methods interpreted by experts, ensuring results are practical and vendor-agnostic.
Crash Course Checkup
Fast hygiene snapshot with a letter-grade scorecard and top fixes.
- Short onsite (or virtual) walkthrough + 1–2 stakeholder interviews
- Light external exposure review and account/endpoint spot-checks
- Report card with Letter Grade (A–F) + Top 5 actions
- Executive readout & Q&A
Full scope
- Kickoff + stakeholder list confirmation
- Onsite/virtual walkthrough (1–2 interviews)
- External exposure snapshot (read-only methods)
- Sample account & endpoint spot checks
- Letter-grade scorecard + Top 5 actions
- Executive review session (30 min)
Two Step Security Fitness
Broader review across teams with awareness, gap analysis, and a 90-day plan.
- Everything in Tier 1
- Expanded interviews + light evidence review (policies, vendor docs, tool outputs)
- Security awareness mini-session (30–45 min)
- External posture check or vulnerability screen (read-only)
- Expanded report, risk heatmap, and prioritized 90-day roadmap
Full scope
- All Tier 1 activities + extended stakeholder interviews
- Evidence review of policies, vendor agreements, & system outputs
- Awareness mini-session (30–45 min)
- Safe external vulnerability screen (optional)
- Consolidated report with risk heatmap & 90-day remediation plan
Grey Street Resilience
Leadership-grade assessment with program recommendations and a strategic roadmap.
- Everything in Tier 2
- Board/Executive presentation with benchmarks
- Right-sized tool & vendor recommendations mapped to objectives
- Third-party/SaaS risk snapshot
- Custom awareness content as needed
- Optional independent validation or pen test via partners
- 12–18 month roadmap with cost/impact tiers
Full scope
- All Tier 2 activities + executive/board briefing (60 min)
- Benchmark comparison to industry peers
- Custom tool & vendor recommendations by category
- Third-party/SaaS risk evaluation
- Optional independent validation or pen test coordination
- 12–18 month roadmap with cost, impact, & timeline tiers
Seek Up Enterprise (Advanced)
Custom — scoping session recommended
For organizations with complex environments or advanced requirements, ABI Consulting conducts a dedicated scoping call to define objectives, right-size the approach, and provide a tailored proposal. This can include framework alignment (e.g., ISO 27001, SOC 2, CMMC readiness), deeper cloud/app reviews, or coordination with trusted partners for testing.
À la carte
Bundle discounts with Tier 2–3
Baseline Security Review
Quick validation of MFA, password hygiene, patching cadence, backups, and endpoint protection practices across your environment.
Cloud & SaaS Configuration Review
Lightweight look at Microsoft 365, Google Workspace, or AWS posture using safe, read-only configuration exports.
Incident Response Readiness Kit
Practical IR checklist and communication plan with a facilitated tabletop tailored to your environment.
Endpoint Security Snapshot
Sample-based validation of encryption, anti-malware coverage, and patch status across representative devices.
Phishing Awareness Campaign
Safe simulation with a brief debrief and improvement tips aligned with your internal policies.
Security Awareness Mini-Workshop
60-minute live or virtual session covering phishing, password hygiene, and safe remote practices.
Vendor & Third-Party Risk Review
Focused OSINT/questionnaire review of one or two key suppliers with a concise risk heatmap and recommendations.
Policy Review
Review and refine existing policies (AUP, Password, IR, etc.) for clarity and alignment with NIST CSF/ISO 27001 principles.
Notes & Assumptions
- Pricing for flagship tiers includes reasonable travel within the contiguous U.S.; à la carte travel billed as needed.
- Reviews favor safe, read-only methods with written authorization. Sensitive testing is coordinated through trusted partners.
- Bundle discounts available; nonprofit pricing upon request.
Ready to level up your security hygiene?
Include your company size, primary platforms (Microsoft 365, Google, AWS), and scheduling preferences. We’ll confirm next steps within two business days.