Risk Assessment Services

Risk Assessment
Information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity and availability of information and information systems. In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks.

Sarbanes-Oxley (SOX) Assessment
This assessment will include policy review, architecture review and security practice review. By taking this approach, a security control baseline will be compiled for the customer environment. This will give the customer an understanding of the current state of security as well as an accurate roadmap to Sarbanes-Oxley IT security compliance. In addition to technical reviews and policy inspection, a comprehensive requirements matrix will be compiled. This matrix will show mapping to specific security requirements, as interpreted by the provider, of Sarbanes-Oxley sections 302, 404 and 802.

Gramm-Leach-Bliley (GLBA) Assessment
The GLBA assessment process is designed to identify, measure, manage, and control the risks to system and data availability, integrity and confidentiality, as well as to ensure accountability for system actions within financial institutions. This assessment will follow the guidelines provided by GLBA and FFIEC to assess the current level of compliance with GLBA and the relative security of the environment.

HIPAA Security Assessment
Section 164.308(a)(1) of the Health Insurance Portability Act (HIPAA) requires an organization to conduct a risk analysis. This analysis is required to understand the flow of e-PHI (Electronic Protected Health Information) in the organization, and its results will facilitate the creation of security policies & procedures and support the recommendation to initiate HIPAA Security Compliance remediation activities. This assessment will enable organizations to gain a full understanding of their compliance with HIPAA, provide a gap analysis against current security controls, and provide a remediation plan to achieve full compliance.

ISO 27001/7799 Assessment
ISO/IEC 27001 and its related code of practice, ISO/IEC 17799, provide internationally accepted, standardized criteria to implement an effective information security management system. The basis for the standard is that information is an organization’s most valuable asset. As a valued asset, information must be managed and protected from internal and external threats. In order to protect its information assets, the organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27001 and ISO/IEC 17799 assessments provide strategic and tactical direction for assessing, measuring and preventing threats, and propose a range of security controls focused on safeguarding information assets.