GET WELL PLAN: THE INFORMATION SECURITY RISK ASSESSMENT

winter2011An Information Security Risk Assessment is a means of examining your IT infrastructure to identify vulnerable areas in the network and provide steps to secure them. Source: Encarta Dictionary. Risk assessments are crucial in validating your company’s security policy, procedures, and infrastructure. This service provides a high-level overview of network security strengths and weaknesses, as well as a detailed analysis of network-connected resources. The risk assessment is often the first step in evaluating your overall security posture. We have said before that a Risk Assessment is similar to checking the doors and windows on your network. With all of the confidential corporate and customer information in your database, you would never consider leaving those doors and windows open. But beyond the entryways that are easy to see, are there other access points that are not so obvious? 

STANDARDS, REGULATIONS, BEST PRACTICESICS-risk-assessment_810

A risk assessment is a systematic evaluation based on state and/or federal regulations, industry best practices, and client-specific needs.

In order to provide an objective, repeatable security management approach, ICS uses standards promulgated by ISO and the ISO 27002:2005 Code of Practice for Information Security Management. ISO 27002 guides the risk assessment, with supplementary information provided by ICS’s proprietary risk assessment methodology. ICS’ methodology combines the ISO 27002 standard with NIST 800-series framework to review business risks and identify effective security solutions. Learn more about Risk Assessments and other services from ICS, Inc.

Technology Industry InnovatorsVeteran Owned Small BusinessCMMI Maturity Level 3CISSP® - Certified Information Systems Security ProfessionalCertified Penetration TesterITIL IT Service ManagementCertified Ethical HackerProject Management Institute CertifiedUS Department of Homeland SecurityDisaster Recovery Institute CertifiedCertified Information Systems Auditor