
Detailed Security Assessment

We will perform an initial cyber security assessment to identify what security practices and safeguards are already in place. We will then assess these against industry best practices to identify gaps or deficiencies and potential high-level risks. We will produce a set of recommendations that will provide guidance in terms of an action plan to improve overall security. The assessment can include an examination of all aspects of your information systems, such as policies, procedures, disaster recovery and business continuity plans, network architecture, security controls, personnel, and physical, environmental and security practices.


Approach:

The approach is to assess current information security management practices as a governance activity and is usually assessed based on policy requirements. An assessment includes documentation collection and review as well as information gathering sessions. An analysis is performed using the gathered information to assess the overall capabilities for managing security as well as any security deficiencies or gaps measured against industry standard practices.

A list of threats is considered, and those relevant to the specific environment are highlighted and rated. We will also indicate which critical assets within the organization may be targeted.

Vulnerabilities are determined based on observed deficiencies, deviations from policy and/or legal/regulatory requirements, and industry best practices. A list of existing security controls and their adequacy is applied to the noted vulnerabilities when rating the overall vulnerability levels.

The assessment will then evaluate potential security risks and provide recommendations that, if correctly implemented, will serve to manage the risks to a level that management determines to be acceptable.

Methodology:

If the client has a preferred methodology, we can utilize it during the assessment. Otherwise, we will propose a methodology suitable to the environment where the IT components are managed and operated. Typically, the popular methodologies are based on the ISO 27005 Risk Management Standard approach; for government clients, we can utilize the Government of Canada Harmonized Threat and Risk Assessment (HTRA) methodology.

Expected Outcome:

  • A list of critical assets within the scope of the assessment and their business value

  • A list of risks rated low, medium or high, to which critical assets may be exposed

  • A series of recommendations to facilitate risk management

 
