Saturday, August 06, 2005
In a Nutshell - Security Site Audits
Security Site Audits
A security Site Audit will identify security issues and help Executive Management decide what steps are necessary to improve the security posture of the company.
Who needs Security Site Audit services:
- If your company connects to 3rd party vendors
- If your company outsources work to other locations
- If your company transmits data to other locations or companies
What a security company will do for you:
- Audit Security Organization and Security Policies based on industry Standards (ISO 17799, ISF, HIPAA, VISA and more)
  - What is the security posture of my partner/3rd party vendor?
- Audit HR policies on Personnel Security
  - Review Hiring and background check processes
  - Audit the existence of employee training and awareness programs
  - Only trustworthy staff should be accessing your information
  - Is everyone aware of corporate and security policies?
- Physical Security Site Audit
  - Verify perimeter defenses and access controls are in place
- Compliance Checks
  - External and internal audits
  - Implement regulatory and legal requirements
- Access Control
  - Effective Password policies
  - Logical and physical data and network separation
  - Audit logging
  - Encryption methods and Key Management processes
  - Secure Production environments
- Development Security
  - New technologies and product development
  - Secure testing and QA methodologies
  - Risk assessment
  - Project Management Capabilities
- Asset and Data Classification
  - Implement Data Classification schemas
  - Determine appropriate security controls for each classification
- Disaster Recovery and Business Continuity planning
  - Audit the existence and effectiveness of formal DR/BCP plans
- Mergers and Acquisitions
  - Value added services when buying or selling a business
  - Uncover security concerns that need to be addressed
- Change Management
  - Verify security involvement during the second most critical phase in the application and product lifecycle
- Operations Management
  - Secure Data transport
  - Effectiveness of Data Backup processes
  - Secure Ecommerce development
Benefits:
- Results and reports are based on Security expertise and Industry best practices
- Access to security knowledge and experience that may not reside with client's staff
- Meet legal and regulatory compliance requirements
- Meet Privacy Requirements
- Perform Due Diligence and Due Care
- External / Independent Assessment from an approved Information Security company
- Not a vendor-specific approach
- Intrusive / Non-intrusive methodologies
- Assist you in implementing required actions to address the findings
- Assist in automating security processes for Company use