Expresso® is part of our Subscription Plan/Service (“Service”) which includes all products and any new products or product updates released during the subscription year. The yearly renewal for our Service is $495 per year, on a year-to-year basis (optional). Our Service represents a considerable value when compared to buying each individual product. Why? Because our Service is a comprehensive offering that includes content not found elsewhere as discussed below and is priced at a steep discount vis-à-vis purchasing individual products.

NEW!! Expresso® is also available for a monthly subscription cost!

Expresso is our Risk Assessment express software product 

It is included as part of your Subscription Plan. A Risk Assessment is a process by which an Organization identifies: (1) Threats to the Organization (i.e. to its Operations, Assets, or Individuals); (2) Vulnerabilities internal and external to the Organization; (3) The harm (i.e. adverse Impact) that may occur given the potential for Threats exploiting Vulnerabilities; and (4) The Risk associated with a specific Threat, Vulnerability and Impact combination.

Although a definition of Risk Assessment is helpful and certainly required, we also need to clearly understand the cybersecurity context that we all now operate in. We have become jaded by the daily announcements of massive data breaches and their consequences. So much so that it appears that providing a hardened cyber defense is a hopeless task. Expresso takes on this challenge head-on by reducing the complexity associated with performing Risk Assessments.

At the same time that we are bombarded with constant bad news about failed defenses, information security professionals (i.e. those charged with developing solutions) are overwhelmed by the number of “threat information feeds, reports, tools, alert services, standards, and threat sharing schemes” which, instead of providing clarity, result in a tsunami of data that the Council for Cybersecurity has termed “the fog of more.”

It is precisely the “fog of more” that Expresso focuses on by providing standardization of the Risk Assessment process. Expresso is built upon industry best practices and a world class Risk Management Framework developed by the National Institute of Standards and Technology (“NIST”). Expresso takes a complex problem and clarifies its implementation so that Risk Assessments can be readily understood by the masses—without the need for the masses to become information security professionals. That said, we are not suggesting that the need for information security professionals will be eliminated, but rather that Expresso is the means by which communications with security professionals may be facilitated, in a language understood by all.

Expresso is our “Cadillac” software to assist with HIPAA Compliance and Risk Assessments. This software is based on the NIST model that includes HIPAA requirements. It contains Risks matched to each of the regulations with the ability to document notes during each analysis. It also captures Security Objects and enables Controls to be assigned to each asset. No user starts out with a blank sheet of paper to document Risk Remediation. We provide model documents that can be modified as needed to provide visible, demonstrable evidence of compliance. In addition, with our release of Expresso 2.0 we enable reporting in the background that notifies the user when the report is ready. Also, we have a products portal within Expresso that can be searched and an encrypted Compliance Repository exclusive to each client.










The compliance continuum depicted here is our metaphor for the iterative process required to achieve the objective of successfully implementing your Organization’s Risk Assessment program. Because implementing a Risk Assessment program is a “wicked problem,” Organizations may have to settle for building a good compliance story over time. The economic reality of budget and resource constraints will make even this objective a challenging one, regardless of an Organization’s size. A “good story” implies that your organization has adopted a culture wherein Risk Assessments and their corresponding remediation responses become de rigueur, not due to pressure from outside stakeholders, but because privacy and security have been incorporated into the organization’s DNA.


Expresso, along with the rest of our products, starts you down the road toward achieving a good compliance story and toward manifesting privacy and security in your day-to-day processes.