In this exclusive article for CyberCentric, Subbin Varghese (Cyber Security Practice Consultant) from Intertec Systems, highlights the current state assessment to understand the security capabilities of the organization and identifying vulnerabilities are the initial steps towards protecting confidentiality, integrity and availability of the critical data. Some of the organizations perform the same only from a compliance or regulatory requirement; leaving unknown of the security risk which could impact the organization by means of leakage of sensitive date, reputation damage due to cyber-attack and breach resulted from the same. Evaluation of the current information security posture of the organization should be the first step for developing the security strategy and road map of the organization.
Our Information security assessment would provide a comprehensive visibility of the existing security landscape in reference to latest regulatory requirements and industry best practices. By means of the security assessment the consultant would consolidate details of the current established security controls and perform a risk assessment to identify the security risks and provide appropriate recommendations and risk mitigation controls. Additionally it’s important that the business risks are highlighted in the terms of the business operating objectives.
Identifying information security and network exposures
Our security specialist can help you understand current information security exposure to control the potential impact of security vulnerabilities. Below would be the tests which would be performed by the security specialist:
- External and Internal Network Vulnerability scans
- Infrastructure Vulnerability Assessment and Penetration testings
- Application security assessment to identify security weakness in application design and implementation (Black box & Grey box testing)
- Mobile Application Penetration testing
- Wireless penetration testing and wireless network security assessment
Post actions
As the assessment helps protect confidentiality, integrity and availability of data it should have an actionable plan to improve the overall security posture of the organization based on business needs. An executive report for the management and also a detailed technical assessment report is prepared for resolution and action plan for the identified issues. The report is an output of both the proprietary and industry leading security assessment tools with in-depth analysis to enhance the security posture of the organization. We would also recommend a re-validation exercise to be performed within 30-45 days of the initial assessment performed.
Supporting regulatory compliance and effectiveness
The security assessment provides an analysis of the technical security controls and mechanisms, for identifying and reducing the risk. Also we can review the security policies, procedures and practices in reference to ISO 27002, best practices and business objectives. All of the above would help you improve your security effectiveness by working with your key staff and management to design a customized plan suited to your security goals.
About the Author : Subbin Varghese from Intertec Systems works as a Cyber Security Practice Consultant and has more than 14 years of experience of reviewing and auditing information systems and technology. He has worked on variety of assurance and advisory projects that include IT security, regulatory compliance, risk management; he also has been primarily involved in analyzing risks to businesses arising from technology failures and developing strategies for securing infrastructure.