The Risk Mediation Group is a national business advisory consultancy focused on enterprise risk management, corporate strategy and IT transformation. We focus on enterprises with complex organizations, complex physical network and IT infrastructures, and highly sensitive high-volume data environments that are unfortunately attractive targets for cyber attacks. You might be wondering, "Why another cyber assessment?" In short, KPMG and other traditional audit firms provide a list assessment of security controls based on NIST and other similar list based standards. They provide very little thought in terms of ranking (outside of a qualitative score) and do not provide an estimate of how each security control reduces the risk-of-loss to mission/critical assets (e.g. ICU downtime, HIPPA info). So the client is left typically with a long laundry list of audit controls (10% of which really thwart damage to assets). Our model ingests these same controls but goes far further and carries the attacks through the controls to damage numerically and informs which controls most reduce average damage to assets. In other words, we provide an enterprise risk assessment that is quantified by dollar asset loss, property, loss to human life, and reputation and provides security ranking based on dollar loss reduction. This is a far more effective method for developing and reporting to the Board to justify a modernization plan moving forward.