The objective of the Risk Assessment is to identify gaps, threats, vulnerabilities, and risks
to the information systems security management program, systems, and processes at your organization.
The assessment is based on standards and recommendations outlined by the Financial Institutions
Examination Council (FFIEC), the Center for Internet Security, and the National Institute of
Standards and Technology. The Assessment will follow the guidelines in the Financial Institutions
Examination Council (FFIEC) IT Examination Handbook.
A Vulnerability Assessment is an optional component Netsecuris can perform as part of a Risk Assessment.
Service Description
The Risk Assessment is composed of two phases: Review and Analysis. The Review Phase consists of reviewing all
documentation related to information systems and data protection for the purpose of better understanding your
organization’s information systems management processes in relation to information security practices.
Further information will be gathered through observation of processes and querying staff on their understanding
of information security and data protection practices currently implemented by your organization.
The purpose of the Review Phase is to gather information about threats and vulnerabilities.
Information gathered during this phase is used to perform the Analysis Phase. This phase is
generally conducted on-site at the client’s offices.
The purpose of the Analysis Phase is to quantify the information gathered during the Review Phase and to
compile a report to deliver to the customer.
Netsecuris’ deliverable report will provide management with a summary of the findings as well
as detailed analysis of risk including quantitative risk percentages in relationship to asset
costs. Recommended remediation for any discovered threats to data security, risk mitigation
strategies, and improvements to business processes that may enhance the organization’s data and
system security will be provided in the report.