Organizations without a Chief Information Security Officer (CISO) or an IT Security Manager typically also lack a comprehensive network security posture assessment aligned to their compliance requirements.

Each industry vertical has a specific compliance law or standard that defines specific requirements for network security, use of IP stateful firewalls, use of VPN technology for sending confidential data through the public Internet, IT security operations and management, and IT security testing where applicable.


Industry Vertical              | Compliance Law or Standard | Compliance Scope/Checklist
-------------------------------|----------------------------|------------------------------------------------------------------------------
K-12 / Higher Education        | FERPA                      | FERPA Data Security Standard
Federal Government             | FISMA                      | FISMA IA Certification & Accreditation
Federal Government             | FedRAMP                    | Federal Risk and Authorization Management Program / Checklist
Federal Government – DoD       | DIACAP                     | DoD Information Assurance Certification and Accreditation Process
Financial (Banking/Insurance)  | GLBA                       | GLBA Privacy & Safeguard Rules / Checklist
Healthcare                     | HIPAA                      | HIPAA Security Rule, Privacy Rule, & Business Plans / Checklist
Retail/e-Commerce/Other        | PCI DSS                    | PCI DSS Merchant / Service Provider SAQ – A/B/C/D
Publicly Traded Company        | SOX                        | SOX – Section 303 & Section 404 – Security Controls & Safeguards / Checklist



In concert with performing a security risk assessment or compliance gap analysis, drilling down to your IP data network infrastructure and locking it down according to your required security baseline definition requires a thorough and complete analysis of all internal and external network connection and access points.
Some of the business challenges facing both private sector and public sector organizations include:

  • Updating Layer 2 and Layer 3 network documentation for both physical connections and logical configurations (e.g., IEEE 802.1q VLANs, Layer 3 switching/routing, etc.) as part of the overall network security posture assessment’s Discovery Phase
  • Maintaining air-tight configuration change management throughout the IP data network infrastructure so that, whenever a critical or major change occurs in the IP data network, the corresponding documentation, testing, and validation are all kept up to date and accurate
  • Identifying and prioritizing network remediation or security hardening requirements for identified gaps that are found as part of the overall network security posture assessment’s Assessment Phase
  • Budgeting CAPEX and OPEX to remediate risks, threats, and vulnerabilities found within the IP data networking infrastructure; this budgeting is incorporated into the overall network security posture assessment’s Recommendation Phase based on the defined security baseline definition
  • Ensuring that the organization’s internal and external layered security solutions work according to the defined requirements, policies, and standards to maintain compliance (e.g., this may require performing IT security testing, verification, and validation, etc.)


ITPG’s Network Security Posture Assessment will drill down to your organization’s compliance requirements, required security controls, and implementation of needed safeguards.

This will typically include a thorough review, assessment, and security testing within the 7-Domains of a Typical IT Infrastructure framework definition: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, Remote Access Domain, System/Application Domain.

    • Break down the complex compliance laws into real-world implementation requirements and map them to your IP data networking, IT operations, and IT security operations environment
    • Incorporate compliance requirements into a qualitative assessment tracking tool or spreadsheet organized per the network and network security baseline definition that will be defined during the Definition Phase of the network security posture assessment
    • Interview your IT, IT security, and IP data networking personnel in depth, and perform on-site inspections and reviews of your current Layer 2 and Layer 3 IP data networking implementation. This includes a review of policies, standards, procedures, and guidelines as they pertain to a layered security implementation, in order to validate security controls and implementations throughout the IP data networking infrastructure
    • Perform a high-level, qualitative compliance gap analysis and network security posture assessment mapped to your organization’s compliance requirements and network security baseline definition
    • Deliver gap remediation recommendations aligned to CAPEX and OPEX cost magnitude estimates and prioritized according to the network security posture assessment findings, assessments, and recommendations mapped to your organization’s compliance requirements.

ITPG has successfully delivered 100+ Compliance Gap Analysis and Posture Assessments covering every vertical industry and compliance law currently enacted within the USA.
