Your IT GRC program must address more than just the physical network. It should be designed to protect the entirety of your IT infrastructure and processes against both technical and human vulnerabilities. This means a security assessment should extend well beyond conventional network vulnerability scanning. TraceSecurity offers the kind of comprehensive security assessment that can identify vulnerabilities and determine the adequacy of your existing security controls and best practices.

 

The Compliance Overview

If your organization is subject to IT security mandates such as FDIC, GLBA, HIPAA, HITECH, NCUA, OCC, and PCI DSS, you are required to have independent third-party testing of your information security program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). The recommended best practices methodology is a security assessment that incorporates testing of both technical and human vulnerabilities related to your information security program.

 

The TraceSecurity IT Security Assessment Overview

Our security assessments are designed specifically to meet regulatory requirements and address the needs of any size organization. To determine the adequacy of your existing security controls and to identify security deficiencies, our seasoned security experts will conduct a thorough examination of your IT infrastructure. The assessment includes manual false positive reduction services, vulnerability analysis to determine severity, and a best-practice review.

The assessment process is managed through the company’s cloud-based software solution, TraceCSO, allowing you convenient access to a variety of tools that can be used to continuously assess the three core components of your information security program – people, processes, and technology.

A security assessment that is conducted remotely includes:

  • Internal and external port scan
  • Internal and external network vulnerability scan
  • Asset classification assistance
  • TraceCSO setup, implementation and access to vulnerability management, ticketing and reporting capabilities
  • Network vulnerability review (false positive reduction of scan data through a manual third-party review)

A Comprehensive Security Assessment (CSA) includes these additional services:

  • TraceCSO setup, implementation and access to vulnerability management, compliance, policy, training, ticketing and reporting capabilities
  • Policy reviews 
  • Policy awareness reviews 
  • In-depth regulatory and/or best practice review 
  • Regulation call to assist with self-assessment 
  • Network topology review 
  • Internal network vulnerability review
    • False positive reduction of scan data through manual third-party review 
    • Validation of false positive review through manual third-party analysis 
    • Advanced manual vulnerability analysis to determine vulnerability severity 

When conducted onsite, the CSA also includes:

  • Wireless access point identification, including rogue access points
  • Physical security review
  • Dumpster diving at main facility
  • Offsite consultation and remediation strategy

CSA results are provided in an extensive report containing:

  • Project overview
  • Comprehensive security assessment methodology
  • Executive summary
  • Prioritized internal and external network risks and recommendations
  • Regulatory compliance analysis
  • Information security policy analysis
  • Executive level PowerPoint of assessment
  • Differential reporting
  • Appendix

Ongoing CSA services, via TraceCSO, include:

  • On-demand generation of comprehensive reports
  • Unlimited client-executed scans with third-party remote false positive validation
  • Regulatory compliance and security assessment evaluation metrics through self-assessment
  • Automated policy development software and policy management
  • Automated training development software and training management, including access to security awareness training content
     

TraceSecurity also offers custom security assessment options tailored to your organization's needs and budget, including a security assessment that is performed remotely.

 


 

Learn how you can save money and delivery time by bundling an IT security assessment, a social engineering engagement and penetration testing.