Don’t wait for a crisis to invest in information security.

The primary objective of the assessment is to identify and evaluate key risks and controls related to IT Security, and to evaluate the design of the “business as usual” processes and activities performed as part of your company’s ongoing IT Security program, as well as its Security Incident Response program.

The preliminary scope will evaluate the control design of the process for ensuring the adoption of, and alignment with, industry standards, procedures, tools, and techniques used to create a secure IT environment. This includes, but is not limited to, a review of the following elements.

  • Inventory Management
    • Assets
    • Applications
    • Databases
    • Type of Data
  • Network Design
  • RACI Matrix
  • Policies/Standards
  • Metrics

Our estimated timeline to complete this engagement is as follows:

  • Pre-Assessment: This depends on what the company can provide versus what must be gathered by, LLC.  If the company cannot provide required Pre-Assessment information,, LLC, offers services, at an additional cost, to assist with gathering and/or creating the required Pre-Assessment information.
  • Assessment: Once the required Pre-Assessment information has been provided/gathered, the Assessment usually takes two to four weeks.
    • Clarification Meetings: During the Assessment phase, clarification meetings may be needed to better understand the company’s position and intent with certain controls, policies, and/or standards. Delays in the company’s participation and needed response to clarifying questions may impact the overall completion date of the assessment.
  • Reporting:
    • Draft Report Review Meeting: Once the Assessment has been completed, a detailed report of the findings by, LLC will be provided for review.
    • Final Report Review and Recommendations Meeting: A formal meeting, complete with recommendations to remediate or mitigate findings, will be held. If the company has purchased IT Security Assessment Package 1 or 2, which includes follow-up assessments, a decision to remediate, mitigate, or accept the risk will be recorded as a reference for the next assessment.
      • Remediation: Actions taken to eliminate an identified risk.
      • Mitigation: Actions taken to monitor risks which cannot be remediated. Mitigation is a less desirable action due to the costs associated with the maintenance, execution and traceability requirements of the mitigating control.
      • Risk Acceptance: Making a choice to accept the risk without remediation or mitigation.
    • Closure/Report Issuance Date: Within one week after the Final Report Review and Recommendations Meeting, an official report will be provided and will serve as formal closure of the engagement. If the company has purchased IT Security Assessment Package 1 or 2, which includes follow-up assessments, a tentative date for the next assessment engagement will be included in this report.
