Risk Assessment

Information security risk assessment is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. In its simplest form, a risk assessment consists of the identification and valuation of assets and an analysis of those assets in relation to potential threats and vulnerabilities, resulting in a ranking of risks to mitigate. The resulting information should be used to develop strategies to mitigate those risks.

L.A.R.E.S. Assessment

Lares Active Risk Exposure System Assessment. This state-of-the-art system for exposing information security risks quickly and directly identifies key corporate assets and the current strength of their protection. This unique assessment identifies the real-world weaknesses and strengths of the client's protection systems at every level of security posture (physical, logical, electronic, social, environmental, and business process/structure). The result of this assessment enables clients to find out their true level of defense against both generic and sophisticated attacks. Lares will then build a protection and remediation strategy that enables the business to operate in a more secure and efficient manner.

Gramm-Leach-Bliley Act (GLBA) Assessment

The GLBA assessment process is designed to identify, measure, manage, and control the risks to system and data availability, integrity, and confidentiality, and to ensure accountability for system actions within financial institutions. This assessment follows the guidelines provided by GLBA and the FFIEC to assess the current level of compliance with GLBA and the relative security of the environment.

Health Insurance Portability and Accountability Act (HIPAA) Security Assessment

Section 164.308(a)(1) of HIPAA requires an organization to conduct a risk analysis of the organization. This analysis is required to understand the flow of e-PHI (Electronic Protected Health Information) within the organization; its results facilitate the creation of security policies and procedures and support the recommendation to initiate HIPAA Security Compliance remediation activities. This assessment will enable organizations to gain a full understanding of their compliance with HIPAA, provide a gap analysis against current security controls, and provide a remediation plan to achieve full compliance.

ISO 27002/17799 Assessment

ISO/IEC 27002 and its related code of practice, ISO/IEC 17799, provide internationally accepted, standardized criteria for implementing an effective information security management system.

The basis for the standard is that information is an organization's most valuable asset. As a valued asset, information must be managed and protected from internal and external threats. In order to protect its information assets, the organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27002 and ISO/IEC 17799 assessments provide strategic and tactical direction for assessing, measuring, and preventing threats, and propose a range of security controls focused on safeguarding information assets.

Payment Card Industry (PCI)

This assessment analyzes the security threats to the client's environment and evaluates the level of compliance with the PCI DSS. The analysis identifies potential business risks created by information risks. The "Report on Compliance Assessment" takes into account only those risks discovered through workshops, interviews conducted with IT staff, and assessment services based on the Lares Risk Assessment Methodology and the PCI Standard Assessment Requirements. This enables IT management and senior management to jointly assess the impact of risk and of risk mitigation options on their business objectives and strategy. It also serves as a readiness assessment to understand the client's level of compliance with the PCI Standards.

NSA IAM/IEM Assessment

The IAM consists of a standard set of activities required to perform an INFOSEC assessment. In other words, the methodology explains the depth and breadth of the assessment activities that must be performed to be acceptable within the IATRP. The IAM "sets the bar" for what needs to be done for an activity to be considered a complete INFOSEC Assessment. Providers who advertise an INFOSEC assessment capability and consumers seeking assistance in performing INFOSEC Assessments should use the IAM as the baseline for their discussions. Because the IAM is a baseline, providers can expand upon it to further meet the needs of the customers.

NERC Assessment

Assessments of compliance with the standards and practices required by North American Electric Reliability Council regulations.

FISMA Assessment

 

FERC Assessment

Assessments of compliance with the standards and practices required by Federal Energy Reliability Council regulations.

NIST Assessment

Assessment of compliance with National Institute of Standards and Technology (NIST) standards, as required by the relevant government body.

SCADA Assessment

Physical and network assessment of SCADA (Supervisory Control and Data Acquisition) systems.