Information Security Audit and Assessment
        InfoDefense offers a wide range of risk-based information security audit and assessment services designed to meet your organization's specific requirements. Below is a high-level overview of each service.

Enterprise Information Security Assessment - The Enterprise Information Security Assessment is our most comprehensive security controls review. This service is designed to thoroughly identify critical information assets, threats and vulnerabilities. InfoDefense uses its proprietary assessment methodology, which is based on the NSA INFOSEC Assessment methodology, ISO 17799 and COBIT, to ensure consistent results. Contact us for more information about the InfoDefense Enterprise Security Assessment Service.
Information Security Audit - An Information Security Audit is very similar to an Enterprise Information Security Assessment. The main difference is that our audit team generally reports directly to the CEO or board of directors, whereas the assessment team may report to the CIO or a director. Another difference is that audits are not available to our existing security services clients (other than annual audit services), as we are required to maintain independence. Contact us for more information about our audit services.
Regulatory Compliance Assessment - The Regulatory Compliance Assessment is designed for companies and government organizations that are bound by the information security provisions within HIPAA, GLBA, FISMA and the Sarbanes-Oxley Act. This service is designed to verify compliance. We review enterprise-wide security controls as well as the security controls protecting the specific information that the law addresses. In general, it is a little less comprehensive and less expensive than an Enterprise Information Security Assessment. Contact us for more information about the InfoDefense Regulatory Compliance Assessment.
Internet Security Assessment - The Internet Security Assessment is designed to review your organization's network perimeter for vulnerabilities. During an Internet Security Assessment, InfoDefense's experts will perform a network security scan and review firewalls, Internet-exposed servers, remote access devices and wireless access points. Contact us for more information about the Internet Security Assessment.
Internal Network Security Assessment - The Internal Network Security Assessment is designed to review your organization's internal networks for vulnerabilities. During an Internal Network Security Assessment, InfoDefense's experts will scan your entire network for known vulnerabilities. This scan includes all servers, workstations and network devices. Contact us for more information about the Internal Network Security Assessment.
Controlled Penetration Testing - A penetration test evaluates systems using common hacking techniques. InfoDefense performs penetration tests in a methodical manner in order to minimize the possibility of system disruption. The penetration testing process consists of network discovery, network mapping, host enumeration, exploit discovery and exploit application. Contact us to learn more about our controlled penetration testing service.
Information Security ROI
Return on Security Investment

     It is often difficult to determine the real value of information security investments since they do not produce revenue. Instead, they protect against potential losses, which may or may not be realized. As a result, decision-makers are often reluctant to make security investments. There is a way, however, to maximize your security investment and measure its return: risk assessment and return on security investment analysis. This information can be used to prioritize information security investments and help justify additional expenditures.

     There is a fair amount of effort involved and it may require expert help from outside your company, but it will be well worth any investment in time or resources. When you are done with this exercise, you will have an intimate understanding of the value of your information assets as well as priorities for additional security investment and a baseline for measuring results.

     From a business perspective, information security is a function of risk management. Using standard risk assessment techniques and formulas, your organization can focus its limited resources on protecting its most critical information assets. In this process you will determine the risks to specific information assets and develop priorities for reducing them.

     Your company has the option of performing the risk assessment internally or contracting with an outside firm such as InfoDefense to help guide you through the process. Either way, your firm will benefit most if senior level management is closely involved in the process.
© 2006 InfoDefense, Inc.