Saturday, August 06, 2005

In a Nutshell - Security Site Audits

Security Site Audits

A Security Site Audit will identify security issues and help Executive Management decide what steps are necessary to improve the security posture of the company.

Who needs Security Site Audit services:
- If your company connects to 3rd party vendors
- If your company outsources work to other locations
- If your company transmits data to other locations or companies

What a security company will do for you:
- Audit Security Organization and Security Policies based on industry Standards (ISO 17799, ISF, HIPAA, VISA and more)
 What is the security posture of my partner/3rd party vendor?

- Audit HR policies on Personnel Security
 Review Hiring and background check processes
 Audit the existence of employee training and awareness programs
 Only trustworthy staff should be accessing your information
 Is everyone aware of corporate and security policies?

- Physical Security Site Audit
 Verify perimeter defenses and access controls are in place

- Compliance Checks
 External and internal audits
 Implement regulatory and legal requirements

- Access Control
 Effective Password policies
 Logical and physical data and network separation
 Audit logging
 Encryption methods and Key Management processes
 Secure Production environments

- Development Security
 New technologies and product development
 Secure testing and QA methodologies
 Risk assessment
 Project Management Capabilities

- Asset and Data Classification
 Implement Data Classification schemas
 Determine appropriate security controls for each classification

- Disaster Recovery and Business Continuity planning
 Audit the existence of formal DR BCP plans and effectiveness

- Mergers and Acquisitions
 Value added services when buying or selling a business
 Uncover security concerns that need to be addressed

- Change Management
 Verify security involvement during the second most critical phase in the application and product lifecycle

- Operations Management
 Secure Data transport
 Effectiveness of Data Backup processes
 Secure Ecommerce development

- Results and reports are based on Security expertise and Industry best practices
- Access to security knowledge and experience that may not reside with client's staff
- Meet legal and regulatory compliance requirements
- Meet Privacy Requirements
- Perform Due Diligence and Due Care
- External / Independent Assessment from approved Information Security company
- Not vendor specific approach
- Intrusive / Non-intrusive methodologies
- Assist you in implementing required actions to address the findings
- Assist in automating security processes for Company use
