InfoTransec’s Security Assessment (SA) practice has recognized capabilities and subject matter experience in helping clients understand their areas of business and industry risk (governance, process, operations, and IT). We translate IT risk components into business terms and align them with the business, going beyond a company’s standard areas of IT controls.
InfoTransec’s SA methodology is a risk-based approach focused on the overall security posture of your organization. Our methodology is adapted from leading internationally accepted standards, including ISO-27001/2, ISF, NIST, and COBIT. Through our experience in implementing information security programs, we have refined this methodology so that it provides a solid foundation for building a tailored solution that meets your needs.
Within the scope of our SA practice, we meet with business and IT leadership to discover and understand your organization’s current IT governance, strategy, objectives, and organizational structure. We work with the main stakeholders on your team to develop a fit-for-use risk framework consisting of IT risk categories, assets (physical and logical), and risk-rating criteria (impact, vulnerability, and likelihood).
During the discovery phase of our SA practice, InfoTransec’s subject matter experts and security specialists conduct interviews, workshops, and/or surveys and questionnaires to develop a tailored IT Risk Map using the agreed risk-ranking criteria. Once the discovery phase is complete, the findings are presented to the stakeholders as a Current State (as-is) report, and we ask for final confirmation of these findings. In the final phase of our SA practice, we generate a comprehensive report and present it to your organization’s management. In this final report, based on our findings and industry best practices, we include a full risk ranking, the potential impacts, and our recommendations for mitigating the risks, together with a roadmap for implementing the needed controls.
We look forward to assisting you in assessing your current information security practice and in developing an information security framework that can serve as a security benchmark for your operation.