Security Risk Assessment (SRA) and Analysis
The methodology that Integrity IT uses to perform the security risk assessment (SRA) is based on risk assessment concepts and processes described in NIST[1] SP 800-30 Revision 1.
Overview of the Risk Assessment process:
- Identify and document all Personally Identifiable Information (PII) repositories
- Identify and document potential threats and vulnerabilities to each repository
- Assess current security measures
- Determine the likelihood of threat occurrence
- Determine the potential impact of threat occurrence
- Determine the level of risk
- Determine additional security measures needed to lower the level of risk
- Document the findings of the Risk Analysis
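The likelihood, impact and risk-level steps in the list above, worked through in code. This is an added example, not Integrity IT's methodology or tooling. It uses the qualitative scale from NIST SP 800-30 Rev. 1 (the likelihood-by-impact table in Appendix I, Table I-2, as transcribed here); the repositories, threats and ratings are constructed sample input, and the Finding class and the risk_level, prioritize and apply_control functions are names chosen for this illustration.

```python
"""Qualitative risk scoring in the style of NIST SP 800-30 Rev. 1.

Added illustration, not the assessment provider's own code. All repository
names, threats and ratings below are constructed sample input.
"""
from dataclasses import dataclass, replace

# Five-point scale used for likelihood, impact and resulting risk.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Level of risk as a combination of likelihood (rows) and impact (columns),
# following SP 800-30 Rev. 1 Appendix I, Table I-2 (transcribed for this example).
RISK_TABLE = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


@dataclass(frozen=True)
class Finding:
    repository: str   # PII repository the threat applies to
    threat: str       # threat event paired with the vulnerability it exploits
    likelihood: str   # one of LEVELS, rated with current controls in place
    impact: str       # one of LEVELS


def risk_level(likelihood: str, impact: str) -> str:
    """Look up the qualitative risk level for a likelihood/impact pair."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"ratings must be one of {LEVELS}")
    return RISK_TABLE[likelihood][LEVELS.index(impact)]


def prioritize(findings):
    """Order findings highest risk first; ties broken by impact, then input order."""
    return sorted(
        findings,
        key=lambda f: (LEVELS.index(risk_level(f.likelihood, f.impact)),
                       LEVELS.index(f.impact)),
        reverse=True,  # Python's sort is stable, so equal keys keep their order
    )


def apply_control(finding: Finding, likelihood: str = None, impact: str = None) -> Finding:
    """Re-rate a finding after an additional security measure is assumed in place."""
    return replace(
        finding,
        likelihood=likelihood or finding.likelihood,
        impact=impact or finding.impact,
    )


# Constructed sample findings for a small practice (not real assessment data).
SAMPLE_FINDINGS = [
    Finding("Patient billing DB", "Unpatched web app exposes database", "Moderate", "Very High"),
    Finding("HR file share", "Terminated-employee accounts keep access", "High", "High"),
    Finding("Laptop fleet", "Theft of an unencrypted laptop", "Low", "High"),
    Finding("Backup NAS", "Ransomware destroys the only backup copy", "Moderate", "Very High"),
    Finding("Front desk PC", "PII visible on screen to visitors", "Very High", "Low"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_level(f.likelihood, f.impact):9} {f.repository}: {f.threat}")
    # Residual risk once a deprovisioning procedure is adopted for the HR share.
    hr = apply_control(SAMPLE_FINDINGS[1], likelihood="Low")
    print("HR share after control:", risk_level(hr.likelihood, hr.impact))
```

The ordering is what drives the "prioritized list of recommendations" later in the page: two findings with the same risk level are separated by impact, so the high-impact items surface first. apply_control models the last step, re-rating likelihood (or impact) under a proposed measure and reading off the residual risk.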
Interview and Data Gathering
Working with the Business Owner and key leadership (e.g. Operations and IT Management), the Integrity IT Security Team identifies and documents existing IT configurations and security operations, along with a high-level review of Policy and Procedure. Physical security and processes are observed during a site visit. This initial interview and walk-through requires about 90 minutes of your time to identify the Technical[2], Administrative[3] and Physical[4] aspects of Security.
Vulnerability Scan
Based on parameters defined by your business, Integrity IT performs a one-time Vulnerability Scan of your external (public-facing IP addresses) and your internal IP addresses.
Analysis of Findings
The Integrity IT Security Team will perform an analysis of the information gathered.
Deliverables
Present / Review findings with your team.
Reports
The output will include a series of actionable reports that identify gaps in your current IT Security Controls along with a prioritized list of specific recommendations based on the value of the IT asset and the level of risk identified.
Security Posture Improvement Roadmap
Based on the Analysis, we will create a detailed work plan to easily track your remediation / mitigation progress. We work with your team to determine priorities based on the analysis, your risk tolerance, business priorities, and resources to create a roadmap that is the best investment for your business.
Policy and Procedures based on NIST Guidelines
Integrity IT provides security policy templates based on NIST guidelines, which your business can customize and adopt into practice if desired. Examples include: Employee Termination Procedures, Data Backup Procedures and Disaster Recovery Procedures.
PII-Protect Training Portal Roll-out to your staff (1-year subscription)
This web-based Security Training portal includes self-paced, up-to-date videos and slides. There is also a testing component to help ensure participation and ongoing tips delivered by email.
Options Available
Mitigation Assistance
Integrity IT has the solutions and expertise to address IT Security Risk. Your IT team can engage Integrity IT as a partner on a single project or, where it is a good fit, on an ongoing basis.
Beyond a one-time Security Risk Analysis
Integrity IT’s security division offers Managed Security Services that provide ongoing protection, monitoring, alerting and incident response. These services can help you to continue your path to a more secure IT environment.
Let us know if you want to learn more about Business Security Assessments.
[1] The National Institute of Standards and Technology is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. With a world-class measurement and testing laboratory encompassing a wide range of areas of computer science, mathematics, statistics, and systems engineering, NIST’s cybersecurity program supports its overall mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through research and development in ways that enhance economic security and improve our quality of life. https://www.nist.gov/topics/cybersecurity
[2] Technical Safeguards
- Access controls to restrict access to sensitive or protected data to authorized personnel only
- Audit controls to monitor activity on systems containing sensitive or protected data, such as an electronic health record systems and databases
- Integrity controls to prevent improper data alteration or destruction
- Transmission security measures to protect data when transmitted over an electronic network
[3] Administrative Safeguards
- Security management processes to identify and analyze risks to sensitive or protected data and to implement security measures that reduce those risks
- Staff training to ensure knowledge of and compliance with your policies and procedures
- Information access management to limit access to sensitive or protected electronic data
- Contingency plan to respond to emergencies or restore lost data
[4] Physical Safeguards
- Facility access controls, such as locks and alarms, to ensure only authorized personnel have access into facilities that house systems and data
- Workstation security measures, such as cable locks and computer monitor privacy filters, to guard against theft and restrict access to authorized users
- Workstation use policies to ensure proper access to and use of workstations