Fusion Computing Limited Logo

CIS Controls v8.1 cybersecurity assessment

Cybersecurity Assessment

Our cybersecurity assessment is a CISSP-led, 168-point review against CIS Controls v8.1, covering identity, endpoints, email, network, backup, and compliance. The 30-minute scoping call is free, there is no sales pitch, and the written report is yours to keep.

  • 168 checkpoints scored against CIS Controls v8.1
  • Risk-ranked findings plus a 30/60/90-day roadmap
  • Written report in about two weeks
  • Audit and cyber-insurance evidence, yours to keep

See cybersecurity services

For Canadian businesses with 10 to 150 users, run from our Toronto, Hamilton, and Vancouver offices. Typically $2,500 to $6,500; a senior consultant replies within one business day.

Book a Consultation

Tell us what you’re looking for. We’ll reply within one business day.

or
Schedule a Free Call

By submitting this form, you consent to Fusion Computing contacting you. We won’t share your information.

Why teams trust the Fusion assessment

  • 50 Best Managed IT

    Named two years running, 2024 and 2025

  • 4.9 on Google

    93% first-contact resolution

  • 500+ Canadian SMBs

    Secured since 2012

  • CISSP-led

    Mapped to CIS Controls v8.1 and CCCS

What it is

What a cybersecurity assessment covers

A cybersecurity assessment is a structured, evidence-based review of how well your controls actually protect the business, scored against CIS Controls v8.1 and the CCCS baseline. It looks at identity, endpoints, email, network, backup, and compliance together, the way an attacker, an auditor, or an insurer does, not one system at a time.

It is not the same as a vulnerability scan. A vulnerability assessment points an automated tool at your network and lists missing patches and open ports. A cybersecurity assessment includes that scan, then adds the human review a scanner cannot do: whether your backups are actually immutable and restore-tested, whether MFA is enforced everywhere it matters, and who owns the dozen stale Microsoft 365 accounts nobody has signed into in a year. The scan tells you what is unpatched; the assessment tells you what is exploitable.

Most teams book a cybersecurity assessment for one of two reasons: an insurer, auditor, or board is asking for documented proof the controls work, or they want an independent baseline before betting the next decision on instinct.

What we review

168 checkpoints across six domains

A full evaluation of your security posture, written for decision-makers, not just technicians.

  • Identity & access

    MFA coverage, Microsoft Entra ID hygiene, Conditional Access, and the orphaned or over-privileged accounts an attacker enumerates first.

  • Endpoints

    EDR coverage, BitLocker, patch lag against CIS v8.1, and unmanaged devices that never report to monitoring.

  • Email & phishing

    DMARC, DKIM and SPF, impersonation protection, and Microsoft Purview labels that stop oversharing before a breach surfaces it.

  • Network & firewall

    Firewall rulesets, segmentation, VPN posture, and the exposed RDP or edge services that show up on an external scan.

  • Backup & recovery

    Immutability, restore testing, and air-gapping, the controls that decide whether ransomware is a bad day or a business-ending one.

  • Compliance & CIS

    A CIS Controls v8.1 and CCCS baseline gap analysis mapped to PIPEDA, PHIPA, SOC 2, and the evidence insurers ask for at renewal.

The deliverable

A board-readable report in about two weeks

You get a written report with risk scores, a vulnerability scan, and a list of fixes ranked by real risk. It is built for decision-makers, and it is yours to act on with any provider.

Every finding is mapped to CIS Controls v8.1 and the CCCS baseline, so the report reads in the language an auditor, an insurer, or an incoming security lead already knows.

Why it matters now

The evidence Canadian SMBs are missing

  • IBM Cost of a Data Breach, 2025

    $6.98M average Canadian breach

    A documented assessment is the entry point for the controls insurers and regulators now require.

    Read more

  • CIRA Cybersecurity Survey, 2025

    24% hit by ransomware

    Most SMBs cannot show the MFA, EDR, and backup evidence underwriters demand at renewal.

    Read more

  • Statistics Canada, 2023

    Only 59% identify cyber risk

    Four in ten Canadian businesses run with no documented risk register or control-framework mapping.

    Read more

  • Canadian Centre for Cyber Security

    CCCS baseline controls

    The control set CyberSecure Canada and most cyber insurers expect, scored line by line in your report.

    Read more

Who it is for

You do not need to be in crisis

Most teams that book an assessment share one of these four situations.

  • Post-incident

    You had a breach, ransomware scare, or near-miss and need to know what is still exposed.

  • Compliance-driven

    An auditor, insurer, or board wants documented proof your controls are actually in place.

  • Switching providers

    You are leaving your current MSP and want an independent baseline before onboarding anyone new.

  • Insurance renewal

    Your cyber-insurance renewal requires a current assessment or risk evaluation, on a deadline.

How it works

Three steps, no obligation

The report is yours regardless of what you decide afterward.

  • 1. 30-minute consultation

    A free call to learn your environment and confirm scope. No obligation, and we quote in one business day.

  • 2. 168-point review

    Our CISSP-led team reviews endpoints, identity, email, backup, network, and compliance against CIS Controls v8.1.

  • 3. Written report in ~2 weeks

    Findings ranked by risk with a prioritized remediation roadmap. The report is yours to act on with any provider.

What our clients say

  • I called Fusion in a panic at 9pm on a Friday. By Monday morning our team walked in and got back to work like nothing happened. Every file recovered. No ransom paid.

    SM

    Sandra M.

    CEO, Industrial Supply Company, the GTA

  • We went from 35 to 70 employees in under a year. Every new hire needed a laptop, accounts, and security configured within 48 hours. Fusion handled every onboarding without us having to micromanage it.

    PR

    Priya R.

    Operations Director, the GTA

Mike Pearlstein, CISSP, founder and security lead at Fusion Computing

CISSP-led leadership

Mike Pearlstein, CISSP, Founder of Fusion Computing

Mike has led security assessments for Canadian businesses since 2012. “The moment that always lands is the identity-attack-surface map. Most SMBs we assess are running dozens of stale Microsoft 365 accounts with active auto-forward rules and no MFA on a few service accounts. None of it shows on a firewall report, but it is the first thing an attacker, examiner, or insurer asks to see.”

CISSPSince 2012CIS Controls v8.1CCCS baseline

Frequently asked questions

Find out where you are exposed

Book a free 30-minute consultation. We will scope the assessment, quote in one business day, and the report is yours to keep.

Book your assessmentSee cybersecurity services
Explore more:Toronto·Vancouver·Hamilton·IT business assessment·AI readiness assessment