ISO 27001 Security Assesment Service

Corporate information and intellectual property are important assets that every organization must protect from unauthorized users. Developing and maintaining a sound security strategy can help an organization to manage its risks associated with network intrusion, data theft, system misuses, privilege abuse, tampering, fraud, or service interruption.

Typically, organizations tend to implement and audit security or privacy program requirements in individual silos. This approach is costly, ineffective, time-consuming and lacks continuity. An Information Security Management System (ISMS) serves as an overlay for multiple data protection regulations such as Sarbanes-Oxley, EU Data Privacy Directive, PCI and any other security or compliance initiatives.

BESECURE Security Assessment Services will assist you in identifying the combination of technical, resource, and process controls that your company can use to manage security risks. Conducted by a BESECURE security consultant, these in-depth assessments identify the strengths and weaknesses of your current security posture as well as vulnerabilities to security threats. BESECURE consultant works with you to determine the appropriate mix of security assessments to address your business needs.

Benefits :

Realistic view of current corporate security procedures and controls.
Highlights strengths of weaknesses of current information security framework.
Provides an in-depth analysis of your current security posture.
Helps you to understand how your security measures compare to industry standards.
Enables more informed decisions, allowing you to better manage your company's exposure to threats associated with doing business over the Internet.
Provides recommendations for reducing exposure to currently identified security risks.
Cost effective way of preparing for ISO 27001 implementation.

Features :

Analysis of overall security posture and procedures, including policy analysis, process and procedure review, and staff training and awareness.
Review of physical security controls, including access controls, system location, security monitoring, and site security and layout.
Review of internal and network boundary security, including dial-up access control, intrusion detection, existence of known vulnerabilities, network configuration issues, and traffic-related issues.
Review of firewall and defenses, including rule configuration, monitoring for alarms, virus protection, and real-time intrusion detection.
Review of application and database security, including hardening, password and user authentication, data integrity, backup procedures, and software development.
Review of client security, including desktop security, PDA and mobile management, access to the Internet, remote working practices, permissions, and virus protection.
Identification of security deficiencies based on a combination of interviews with key IT and security staff and audits, which may include assessment of compliance with the organization's security policies and procedures, configuration audit, and onsite review of physical security.