|
|
 |
|
|
IS (Information System) security assessment
Information System Security Assessment is the most comprehensive security analysis offered by ITSEC Asia and it is often selected by our most demanding clients. The comprehensive assessment follows ISO27001/ISO27002 standards and covers both technical and management related aspects of information security management system (ISMS). The following areas are covered in the analysis:
- Security Planning � Business Continuity and Disaster Recovery Planning, Incident Response Planning, Security Policy, Security SOPs and other available documentation;
Configuration of firewalls, network routers and switches, servers, workstations, database and others;
- Security of core business applications, web-site and web-applications, e-commerce applications, domain security, security of authentication and identity management systems, security of communication systems etc.;
- Conformance to ISO 27001 standard;
The most valuable results can be achieved if IS security assessment is combined with penetration test executed as the first stage of the project. Such approach provides additional benefits such as awareness increase, practical evaluation of implemented security measures and identification of impact of discovered security weakness. It also allows our consultants to understand client�s organisation better and ensures precise understanding of risks involved.
Due to the comprehensive nature of our IS security assessment it ensures rapid implementation of recommended changes and also allows management to develop a long-term strategy for improving and maintaining security of information system.
In the course of security assessment project our consultants also focus on knowledge exchange cooperation with a client. Together with a project�s final report we deliver a comprehensive training and guarantee thorough understanding of the assessment results. The IS security assessment findings are presented to the client in a comprehensive report and several presentations to executives, management and technical teams. Each identified security weakness will include risk assessment and recommendation for risk mitigation method. For each finding we also explain and rate risk involved, explain and rate the complexity of implementation of our recommendations.
Key benefits mentioned by our clients who benefited on this service include:
- Provides management with a comprehensive picture of current condition of information security management system which simplifies the strategy planning for ISMS;
- Prepares ground for ISO 27001 certification related initiatives;
- ROI thanks to optimised security measures, identification of critical areas and improvement of security planning; secure information infrastructure is also cheaper to maintain.
If you�d like to learn more about this service please click button below to request a presentation or leave a message to our sales personnel.
|
|
