IT Risk Assessment
Information is an essential component of doing business. Today, most essential business information is in electronic form stored in desktop/laptop computers and servers connected to an internal network that is commonly connected to the Internet where information is exchanged. As a result, there are inherent risks that must be mitigated, prompting organizations to ask the question, “How do we protect sensitive information while allowing employees to efficiently do their jobs?”
Understanding the people, processes, and technology that interact with sensitive and mission-critical information equips the organization with the knowledge to understand the roles and responsibilities of business application owners and of the IT personnel who manage the technology on which the business applications reside.
A risk assessment is the single most important information security activity that an organization can perform. A risk assessment defines the appropriateness and fitness of the security controls required within the organization, and it allows the organization to make informed risk treatment decisions and investments. Risk-based decision making is the basis of almost every compliance requirement.
Sword & Shield provides its IT risk management services through efficient processes and automated solutions that collect risk information which, once analyzed, can be translated into the security controls to be implemented in order to become compliant and secure.
Compliance
Since 1999, there has been a dramatic rise in information security regulations. Gramm-Leach-Bliley (GLB) and the Health Insurance Portability and Accountability Act (HIPAA) came out in 1999, with the Sarbanes-Oxley Act (SOX) following in 2002. Moreover, privacy and accountability concerns have given rise to an increasing number of voluntary standards—such as ISO 17799 and CobiT—which businesses may choose to use to remain competitive and instill business partner and consumer confidence.
Many heavily regulated companies are forced to comply with multiple federal, state and international mandates, which take a significant toll on corporate resources. In an attempt to balance the numerous industry and federal regulations facing them, many companies installed unique IT controls for each individual mandate and quickly became mired in compliance silos.
The staggered maturity of the different regulations caused many businesses to treat each regulation as an independent project. As each new regulation came into play, it was rarely integrated into existing compliance activities but assigned its own resources.
Unfortunately, there is no silver bullet or one-size-fits-all industry approach that complies with all applicable laws and regulations while also meeting client requirements. Instead, what is needed is a layered, industry-focused approach to compliance and security.
Sword & Shield's compliance strategy is based on best practices that include:
- Integrated Controls
- Process-oriented Standards
- Risk-based Standards
- Industry-relevant Standards
  - FISAP for service providers
  - FFIEC/GLB for financial institutions
  - PCI-DSS for payment card processing
  - HIPAA for health care
  - NERC-CIP for energy utilities
  - ISO 27001 as a framework for all industries