Security Associates Corp™
5218 Keller Ridge Rd.
Clayton, CA 94517
(925) 672-2008

ENTERPRISE COMPLIANCE MANAGER
The Assessment Process

Step 1. The Pre-Assessment Phase
In this phase, the user accesses multiple forms and databases to ensure easy tracking of all the logistics needed to administer a comprehensive security assessment. The databases include the ability to:

- Identify the customer's priorities.
- Chronicle the actions of the assessors.
- Use the Pre-Assessment Checklist to track everything needed before an assessment.
- Determine and track customer interview schedules.
- Identify customer objectives.
- Map business functions to IT functions.
- Track all business process stakeholders.
- Set up and track appropriate interview questions and answers.
- Track all meeting times, dates, and conversations.
- Map the assessment objectives back to the statement of work.
- Ensure that multiple assessors are accomplishing their objectives.
Step 2. Actual-Assessment Phase
The system allows the user to perform the following critical risk assessment functions seamlessly, either separately or in tandem:

- Utilize industry-accepted vulnerability scanning tools to import data into the Assessment software, which will identify anomalies and errors (ISS Security Scanner and CyberCop are supported today). The system also gives the flexibility to use on-board scanners.
- "Health check" capability for a quick overview of security risk status. Answer fewer questions to determine overall security risk within the physical, operational, and network areas. (Increases assessor productivity and reduces costs.)
- The questionnaire function allows you to easily pare down the list of questions to ensure that you only ask those that are required, while redundant and unrelated questions are skipped.
- The Reference database will dynamically locate key system commands and port information and feed them back into the tool.
- The modular architecture designed around the questionnaire allows the assessor to drill deeper into business processes and identify risk.
Core assessment areas include:

- Physical Security
- Network Security
- Operational Security
- Policy Compliance
- Application Security
Templates are available for the following assessments:

- Sarbanes-Oxley
- HIPAA Compliance
- Gramm-Leach-Bliley Act
- ISO 17799
- Federal Energy Regulatory Committee
- Federal Information Security Management Act
- Department of Defense Information Technology Security Certification and Accreditation Program
Step 3. Post-Assessment Phase
Report generation is performed during the post-assessment phase. In most cases, consultants spend the majority of their time reformatting information from various sources into a final report for submission. With our template builder, the assessor can quickly create custom reports from one of our default report templates. Our methodology bridges the gap between the IT staff and the business stakeholders by providing associations between assets and protection analysis, and a prioritization of the most significant security risks and vulnerabilities. Our methodology and tool provide the ability to:

- Provide three default reports: Executive Summary, Managers & Technical Report, detailed report, and appendices.
- Provide detailed and comprehensive reports on assessment results, identify security vulnerabilities, and suggest potential solutions for these vulnerabilities.
- Rank potential risk in various areas including, but not limited to: IDS, perimeter, physical, and email security, encryption, privacy, policy and procedures, employee security training, etc.
- Calculate the levels of exposure at each security solution implementation stage including, but not limited to: installation, configuration, penetration tests, maintenance, and monitoring.
- Recommend fixes for reducing security weaknesses.
- Allow the consultant to create specific questions regarding their environment with ease.