SECURITY RISK ASSESSMENT SOLUTIONS
WHAT IS THE BUSINESS CHALLENGE?

As mandated by recent compliance laws and standards, organizations in all verticals are required to perform an annual security risk assessment on their IT infrastructure.


This may include an assessment of the effectiveness of organizational policies and operational procedures on the enterprise workforce. Some of the business challenges facing both private sector and public sector organizations include:

  • Non-compliance
  • Data breach or exposure
  • Downtime
  • Financial loss or impact
  • Maintaining consumer and public confidence

WHY DOES YOUR ORGANIZATION NEED TO MAINTAIN COMPLIANCE?

Organizations that require a security risk assessment of their IT infrastructure and environment as part of a mandate or compliance law can simply pick 1 from Column A, 1 to 5 from Column B, and 1 from Column C to define the scope of the assessment and the methodology or approach desired for the organization's security risk assessment. Specific attention will be incorporated for those compliance law requirements that your

Column A: Industry Vertical             | Column B: Compliance Scope | Column C: Methodology
----------------------------------------|----------------------------|------------------------------------------------------------------------------------------------------
Airports/Transportation                 | PCI DSS                    | PCI DSS SAQ A – D Forms
County Government                       | State Laws                 | NIST SP800-Series Risk Assessment Approach
Federal Government – Civilian           | FISMA                      | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework
Federal Government – DoD                | DIACAPS                    | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework, Information Assurance
Financial (Banking/Insurance)           | GLBA                       | GLBA Data Security Standard
Healthcare                              | HIPAA                      | HIPAA Security Rule, HIPAA Privacy Rule
Higher-Education                        | FERPA                      | FERPA Data Security Standard
K-12                                    | FERPA                      | FERPA Data Security Standard
Retail/Manufacturing/Supply Chain       | PCI DSS                    | PCI DSS SAQ A – D Forms
State Government                        | State Laws, PCI DSS        | NIST SP800-Series Risk Assessment Approach, NIST Risk Management Framework
Utilities                               | FERC/NERC                  | FERC/NERC Security Standard


HOW DO ITPG’S SECURITY RISK ASSESSMENT SOLUTIONS HELP YOU?


Our approach to solving our clients’ IT security business challenges is as follows:

  • We break down the complexity of compliance laws into real-world implementation requirements
  • We incorporate these implementation requirements into your organization’s security baseline definition, using the 7 Domains of a Typical IT Infrastructure as a framework and model
  • We perform a security risk assessment according to your desired approach or methodology, measured against your defined security baseline definition
  • We conduct a gap analysis identifying where your organization falls short of, meets, or exceeds its security baseline definition
  • We provide prioritized recommendations and cost-magnitude estimates so that your organization can properly plan and budget its security risk mitigation solutions

The 7 Domains of a Typical IT Infrastructure: User Domain -> Workstation Domain -> LAN Domain -> LAN-to-WAN Domain -> Remote Access Domain -> WAN Domain -> System/Application Domain

ITPG has successfully delivered more than 100 security risk assessments across every industry vertical and compliance law currently enacted within the USA.
