case study
Mitigating Third-Party Risks
Third-party breaches are a top CISO worry; one healthcare-payer breach ran to $3B in costs. Trexin ran a 'friendly' risk assessment of a multistate payer's subsidiary, scoring maturity and cataloguing 6,000 vulnerabilities (3,000 of them high), 87% of which could be mitigated during the Azure migration.
Challenge
Third-party risk (from vendors to semi-independent subsidiaries) is a growing CISO concern; one well-known healthcare-payer breach ran to $3B in direct costs and disruption. The CISO of a multistate health-insurance payer asked Trexin to assess a subsidiary’s security controls, risk management, and resilience, as a “friendly assessment” that went beyond documenting risk to helping mitigate it.
Approach
We combined multiple frameworks into one unified assessment: Trexin’s DEADONS+1 methodology, ISACA’s CMMI, the NIST Cybersecurity Framework, People-Process-Technology categorization, penetration testing, and the Client’s own methodology. We evaluated data security, configurations, user access, and network integrity; pen testing and vulnerability scanning surfaced weak points (open ports, unpatched software, config flaws); and executive interviews and documentation review filled in the rest.
Outcome
Each maturity area got current, future, and one-year-projected CMMI scores. We catalogued 6,000 vulnerabilities (3,000 of them high) and showed that 87% could be mitigated by prioritizing critical risks during the Azure migration. Recommendations rolled into a 12+ month maturity-enhancement roadmap, leaving the Client with a clearer risk landscape for future decisions.
Why Trexin
Established relationships and cybersecurity depth let us run a demanding cross-organizational assessment collaboratively and turn the findings into an actionable plan.