Platform · Risk Assessment

Know your risk score.
Know what to fix first.

BreachBrain's guided risk assessment walks you through 8 security domains, applies AI analysis, and delivers an analyst-verified risk score with a clear remediation roadmap — in 24 hours, without a consultant.

The Assessment

8 security domains. Every angle covered.

The questionnaire is written for business owners and operations leaders — not security professionals. Plain English, guided questions, approximately 60 minutes. Save and return at any time.

Access Control

How user accounts, passwords, multi-factor authentication, and access privileges are managed — including who has access to what and whether that access is reviewed and revoked appropriately.

Network Security

Firewall configuration, network segmentation, remote access controls, and monitoring — covering how your internal network is protected from both external and internal threats.

Data Handling

How sensitive data is classified, stored, transmitted, and disposed of — including encryption practices and whether data handling aligns with regulatory and contractual requirements.

Vendor Management

Third-party risk — covering how vendors with access to your systems or data are vetted, monitored, and contractually bound to security standards.

Incident Response

Whether your organization has a documented plan for detecting, responding to, and recovering from a security incident — and whether that plan has been tested.

Physical Security

Physical access controls for facilities and equipment — covering who can access servers, workstations, and sensitive areas, and what controls prevent unauthorized physical access.

Employee Awareness

Security training, phishing awareness, and acceptable use policies — addressing the human element, which remains the most common initial attack vector in breaches.

Compliance

Alignment with applicable regulatory frameworks — including HIPAA, PCI-DSS, FTC Safeguards, and state-level data privacy requirements — and the documentation to demonstrate it.

AI + Human

AI does the analysis. A human signs off.

As you complete the questionnaire, BreachBrain's AI correlates your responses — weighting each answer by domain and severity, identifying patterns, and generating a prioritized findings list with remediation guidance for your specific situation.

Before your report is released, a certified cybersecurity analyst reviews every finding: validating severity rankings, removing false positives, and approving the final document. Not optional. Not outsourced.


8 security domains covered in every assessment — people, process, and technology.

~60 min to complete the questionnaire. Save and resume at any point — no time pressure.

72 hrs from submission to an analyst-verified report in your inbox. No consultant required.

What You Receive

A risk score you can explain to anyone.

Risk Score (0–100)

A single weighted score across all 8 domains, calculated from your responses. Higher scores indicate greater risk. Updated with every reassessment so you can track improvement over time.

Per-Domain Pillar Scores

Domain-level scores so you know exactly which areas of your security posture need the most attention — and where you're already strong.

Prioritized Findings

Every gap is ranked Critical, High, Medium, or Low. The report tells you what to fix first — not just what's wrong.

Remediation Roadmap

Plain-language guidance for every finding — written for your team, not a security consultant. Includes what to do, why it matters, and how to prioritize.

Executive Summary

A one-pager formatted for your board, insurer, or auditors. Includes your risk score, top findings, and posture summary in language non-technical stakeholders understand.

Analyst-Signed PDF

The full report — including findings, remediation guidance, and executive summary — delivered as an analyst-reviewed, signed PDF. Accepted by cyber insurers and compliance auditors.

Also in the Platform

The assessment covers what you control. The scanner covers what's exposed.

Web & Domain Scanner

Automated scanning of your public-facing infrastructure — DNS, email security, SSL/TLS, open services, and breach records. No agent required.

External Penetration Testing

Platform-run penetration testing of your internet-facing systems — actively attempting to exploit identified weaknesses the way an attacker would.

Internal Penetration Testing

Agent-based internal network testing — simulating a compromised device or insider to find lateral movement paths and privilege escalation risks.

Find out where your security posture actually stands.

Start your free 7-day trial — no charge until day 8.