The Security Health Check

Does your company have an overall view of the effectiveness of its current security plan? Are the right information security procedures implemented to protect your vital business information?

PolyCommerce's Security Health Check process will identify both strengths and weaknesses in your company's information security policies and procedures. The Security Health Check exercise will identify security vulnerabilities and inadequacies in your current security infrastructure and help you implement improved security procedures, controls and processes to enable optimum security.

Careful, repeated reviews of an enterprise's environment are necessary to ensure that security implementations are appropriate, secure, and cost effective to operate.

All enterprises need to understand, at a high level, their overall security posture and whether or not they are generally compliant with industry standards and norms. Reviews of their security posture need to cover all general areas, from Business Continuity Planning to Intrusion Detection and Anti-Virus programs.
Ten Areas Addressed, as specified by the ISO 17799 Standard

| # | Area | Scope of review |
|---|------|-----------------|
| 1 | Business Continuity Planning | Assess and recommend changes to BCP processes such as data backup/restore, offsite storage/retrieval and recovery procedures. |
| 2 | System Access Control | Strength, viability and recommendations for authorization/authentication, intrusion detection and mobile computing needs. |
| 3 | System Development and Maintenance | Topics reviewed include baseline/source control, development/QA/security assurance methods and project lifecycles. (Also the focus of the Common Criteria standards.) |
| 4 | Physical & Environmental Security | To include physical access, fire suppression and power conditioning/backup. |
| 5 | Compliance | E.g., HIPAA, Gramm-Leach-Bliley (GLB), audits, and compliance with de facto industry guidelines (e.g., VISA privacy rules). |
| 6 | Personnel Security (Protection from Insiders) | Inclusive of new hires, user profiles/monitoring and proper usage policies. |
| 7 | Organization | Scope to include role definition and assignments, reporting and consistency. |
| 8 | Computer/Network Management | Effective usage of monitoring methods/tools, preventive maintenance, and performance metrics. |
| 9 | Asset Classification Controls | Level of importance, tracking and control, retirement and disposal. |
| 10 | Security Policy | Written statements, strategic value of assets vs. the business model and other relative priorities. |