Protecting your sensitive information takes more than a good firewall and antivirus. It’s affected by everything your organization does: the policies your team members follow in the office, the ease of remote access to your server, the locks on your doors, even your organization’s social media presence.

Protect the confidentiality, integrity and availability of your organization's information.

If you can’t measure it, you can’t improve it.
Often, many of these safeguards happen by chance or habit. After all, it’s common practice to lock the office door, report suspicious emails, and keep sensitive info out of plain sight. But if these defenses only happen by default, you have no way to rely on them, and malicious actors are skilled at finding overlooked vulnerabilities. When it comes to cybersecurity, passive defenses are no match for an active attack.
Measure Your Organization's Risk
The Information Security Assessment examines three different areas of your organization’s security. While some of these security controls are obvious, others are often overlooked – which is why it’s so critical to review each type completely to find the gaps.
By reviewing your protections in each of these key areas, you can get a clearer picture of the work you have to do to mitigate your specific risks – whether to meet compliance standards such as HIPAA, PCI, or DFARS, to inform your cybersecurity insurance decisions, or simply to protect your organization’s critical information and infrastructure from outside influence.
Administrative Controls
Policies, awareness training, guidelines, standards, and procedures
Physical Controls
Doors, locks, camera surveillance, portable data storage, and alarm systems
Technical Controls
Split into Internal & External designations
Internal – Firewalls, anti-virus software, and patch/software vulnerability
External – Search engine indexes, social media, DNS, and port/vulnerability scanning
The assessment involves a complete review, inspection, and evaluation of your organization’s different security controls, conducted by our trained Information Security Assessor. Working from an exhaustive list of questions, measurements, and standards, the assessor will take stock of your security controls and your level of risk in various areas.
Although you could, in theory, ask yourself many of these security questions, the value of an outside observer is undeniable. By explaining your controls and policies to our assessor, you can be certain of an objective assessment, and you also get the chance to articulate your actions and the intentions that motivated them. More than once, our clients have had “Aha!” moments about their own security, mid-explanation.
This Includes:
Physical Office Visits
Document & Database Review
Team Member Interviews
Build a comprehensive roadmap
In addition to your thorough information security analysis, you’ll also receive a plan of action for addressing the shortcomings it identifies, plus consultation from us on how to prioritize those actions.
Our managed services clients will benefit even more, thanks to integration with our strategic planning sessions and check-ins.
The Information Security Assessment is more than just a one-off tool: it’s a way to constantly build security habits to protect against the threats of today…and tomorrow, too.
Review Analysis
Plan & Prioritize
Mitigate Risk