Security Risk Assessments
Risk assessments are essential for understanding your organization's cybersecurity program status. The first step in ensuring the security of sensitive information is to conduct a complete, comprehensive risk assessment to evaluate the threats, weaknesses and necessary steps to protect your company, employees and customers.
A common question is whether it’s required to have a 3rd party perform the security assessment. The answer is “it depends”. It depends on the purpose of the assessment or audit. For many frameworks a 3rd party assessor is required in order to obtain the proper report and certification. What about HIPAA?
HIPAA does not require a 3rd party assessor. In fact, there are self-assessment tools recommended by OCR. Just because a self-assessment is budget-friendly doesn’t mean it’s a good long-term decision. Does your team have the expertise, independence and bandwidth?
Unidentified risks cannot be corrected and could lead to a breach or significant problem. It’s very common for decision makers to place less emphasis on the results of internal assessments than on those performed by 3rd party assessors. Failing to gain support for the results will mean a lack of the management support and budget necessary to correct the risks.
Types of security risk assessments we offer:
OUR SECURITY RISK ASSESSMENTS FOLLOW A PROVEN 4-STEP PROCESS THAT’S EASY FOR YOU & SECOND NATURE TO US
Our security risk assessment strategy
- Identify gaps in compliance relative to HIPAA/HITECH, PCI, FISMA, NIST, ISO and GDPR, among others
- Determine overall security posture (technical, administrative and physical)
- Include network penetration testing (blind/internal/external) and vulnerability analysis
- Document threats and vulnerabilities with operations and IT security
- Review existing corporate policies and procedures
- Review DRP (disaster recovery plan) and business continuity plan
- Provide detailed findings and recommendations with prioritized next steps
- Include knowledge transfer with key personnel and management presentation of findings
Contact us to learn more about our fast timelines and how our Actionable Findings Report focuses on the quality, not the quantity, of fixes.