SECURITY RISK ASSESSMENT SOLUTIONS
WHAT IS THE BUSINESS CHALLENGE?
As mandated by recent compliance laws and standards, organizations in all verticals are required to perform an annual security risk assessment of their IT infrastructure.
This may include an assessment of the effectiveness of organizational policies and operational procedures across the enterprise workforce. Business challenges facing both private sector and public sector organizations include:
- Data breach or exposure
- Financial loss or impact
- Maintaining consumer and public confidence
WHY DOES YOUR ORGANIZATION NEED TO MAINTAIN COMPLIANCE?
Organizations that require a security risk assessment of their IT infrastructure and environment as part of a mandate or compliance law can simply choose one item from Column A, one to five items from Column B, and one from Column C to define the scope of the security risk assessment and the methodology or approach desired for it. Specific attention will be incorporated for those compliance law requirements that your
| Industry Vertical (Column A) | Compliance Scope (Column B) | Methodology (Column C) |
|---|---|---|
| Airports/Transportation | PCI DSS | PCI DSS SAQ A – D Forms |
| County Government | State Laws | NIST SP800-Series Risk Assessment Approach |
| Federal Government – Civilian | FISMA | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework |
| Federal Government – DoD | DIACAPS | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework, Information Assurance |
| Financial (Banking/Insurance) | GLBA | GLBA Data Security Standard |
| Healthcare | HIPAA | HIPAA Security Rule, HIPAA Privacy Rule |
| Higher-Education | FERPA | FERPA Data Security Standard |
| K-12 | FERPA | FERPA Data Security Standard |
| Retail/Manufacturing/Supply Chain | PCI DSS | PCI DSS SAQ A – D Forms |
| State Government | State Laws, PCI DSS | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework |
| Utilities | FERC/NERC | FERC/NERC Security Standard |
HOW DO ITPG’S SECURITY RISK ASSESSMENT SOLUTIONS HELP YOU?
Our approach to solving our clients’ IT security business challenges is as follows:
- We break down the complexity of compliance laws into real-world implementation requirements
- We incorporate these implementation requirements into your organization’s security baseline definition, using the 7 Domains of a Typical IT Infrastructure as the framework and model
- We perform a security risk assessment according to your desired approach or methodology, measured against your defined security baseline definition
- We conduct a gap analysis identifying the gaps your organization must close to achieve or exceed your security baseline definition
- We provide prioritized recommendations and cost-magnitude estimates so that your organization can properly plan and budget its security risk mitigation solutions
The 7 Domains of a Typical IT Infrastructure used as the assessment framework are: User Domain → Workstation Domain → LAN Domain → LAN-to-WAN Domain → Remote Access Domain → WAN Domain → System/Application Domain.
ITPG has successfully delivered more than 100 security risk assessments across every industry vertical and compliance law currently enacted within the USA.