Security Assessments

April 7, 2017

Developing and implementing a security plan is essential to safeguard your company's data and to minimize the risk of unintended disclosure of private information. Security has many aspects, and a good place to start is to hire a services company to perform an audit that assesses your current risk exposure. Below are the areas in which United Force can help you create a security policy, and the areas our assessment report focuses on.

Security Controls

http://en.wikipedia.org/wiki/ISO/IEC_27001

  •  Physical controls, e.g. fences, doors, locks and fire extinguishers;
  •  Procedural controls, e.g. incident response processes, management oversight, security awareness and training;
  •  Technical controls, e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
  •  Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.

A similar categorization distinguishes controls involving people, technology, and operations/processes.

Information security controls protect the confidentiality, integrity and/or availability of information (the so-called CIA Triad). Some would add further categories such as non-repudiation and accountability, depending on how narrowly or broadly the CIA Triad is defined.

Risk-aware organizations may choose proactively to specify, design, implement, operate and maintain their security controls, usually by assessing the risks and implementing a comprehensive security management framework such as ISO/IEC 27002, the Information Security Forum's Standard of Good Practice for Information Security and NIST SP 800-53 (more below). Organizations may also opt to demonstrate the adequacy of their information security controls by being independently assessed against certification standards such as ISO/IEC 27001.

Risk Management Framework

  •  Assessment methodology phases
  •  Technical assessment techniques

Why perform an assessment?

  •  Help confirm that systems are properly secured
  •  Identify any organizational security requirements that are not met, and other security weaknesses that should be addressed
  •  Meet requirements to periodically assess systems
  •  Identify specific areas to concentrate on

Examination techniques, generally conducted manually

  •  Evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities
  •  Techniques include:
       •  Documentation review
       •  Log review
       •  Ruleset and system configuration review
       •  Network sniffing
       •  File integrity checking

Testing techniques, generally performed using automated tools

  •  Identify systems, ports, services, and potential vulnerabilities
  •  Techniques include:
       •  Network discovery
       •  Network port and service identification
       •  Vulnerability scanning
       •  Wireless scanning
       •  Application security examination

© 2017 by United Force LLC