Are you at risk?
Whether you need to identify your vulnerabilities to an external attack, assist your internal audit team in reviewing IT controls or comprehensively assess your enterprise security risk, our services are designed meet your needs and budget. Our services include risk assessment, vulnerability assessment, perimeter vulnerability assessment and IT controls review:
Risk Assessment – We all live with risks. Some are likely to happen, while others are remote and have minor consequence. The challenge is recognizing which risks we can live with and which we can’t.
The same is true for managing information security risk. At the core of any information security program is a risk assessment that identifies and prioritizes risks based on impact severity, probability and mitigation cost so management can make intelligent decisions about how to manage corporate risk.
Our Risk Assessment service provides a comprehensive analysis of the technical, physical and administrative controls protecting your assets. We cover a variety of areas, including Internet exposure, privacy of customer information, access and authentication controls, e-mail vulnerabilities, data classification, physical access restrictions, data encryption, external service providers, application security and monitoring and response. All vulnerabilities are charted into a customized scattergraph that depicts your risks in terms of probability and impact. We then map the discovered vulnerabilities to the applicable control objectives (e.g., GLBA, HIPAA, ISO-17799) to ensure your regulatory objectives are being met.
Vulnerability Assessment – Our Vulnerability Assessment provides a comprehensive analysis of the internal and external technical controls that safeguard your company’s information assets. Through a combination of onsite analysis and external vulnerability scans, our team identifies your top technical vulnerabilities and recommend solutions to mitigate risk. Like our Risk Assessment, our Vulnerability Assessment prioritizes vulnerabilities based on probability, impact and cost.
Perimeter Vulnerability Assessment – Our Perimeter Vulnerability Assessment service provides an external view of your security controls to identify the Internet vulnerabilities a hacker might exploit – so you can take corrective action before a compromise occurs. Our detailed Perimeter Vulnerability Assessment report explains the findings and provides remediation recommendations to give you a road map to make your network perimeter more secure.
IT controls review – Many organizations today are responsible for establishing internal controls to ensure that assets are safeguarded against loss, unauthorized use or disposition. In addition to our risk assessment, Assurity River can assist in the internal audit of your IT controls (or internal audit co-sourcing). This includes a review and assessment of policies and procedures, including:
- Information security policy
- Security organization
- Asset classification and control
- Personnel security
- Physical and environmental security
- Computer and network management
- System access control
- System development and maintenance
- Business continuity planning
- Compliance
If, after you assess your risk, you need a cost-effective turnkey security management solution, check out Assurity River’s Outsourced Security Management Program.
