A key element of good security management is regular and structured evaluation of compliance with security policies, standards, guidelines, procedures and legal requirements. Organizations must ensure that control measures are appropriate (operational assurance) and that they operate as designed (life cycle assurance). Our services provide executive management with these two forms of assurance, using a structured and repeatable risk assessment methodology so that management understands the degree of risk in its information systems and can minimize the risks to the business. As organizations mature in their control posture, they graduate to establishing a formal IT and Information Security Governance Framework and supporting it with formal measurement and reporting that address the degree of governance maturity. Our technology, risk and governance assessment process draws on a rich blend of audit process knowledge and information security expertise, and we translate our assurance service reports into ‘business’ language, which often results in a shorter time to implement controls.
This service includes the following components:
- Information Systems & Security Audit
- Risk Based IT Audit
- Information Technology and Information Security Governance – Process definition and metrics for maturity assessment
- Information Risks - Assessment, Management and Controls
- Gap Analysis and building systems including policies, procedures, standards, guidelines and implementation practices covering the following:
  ISO 27001, SSAE 16, BS 25999, PCI DSS, ISO 31000, SOX, COBIT, ITIL, COSO, ISO 22301, OSSTMM, OWASP, HIPAA, ISM3, GAISP