|
Enterprise Security Assessments
BUSINESS CHALLENGE
Businesses must be able to protect and trust their information. In order to do this, they must
control and secure their information and be able to measure and analyze the risks involved. Without a
complete picture of enterprise risk, businesses will be unable to make sound business decisions with
respect to information asset protection. Often, assessing risk internally is fraught with challenges,
such as a lack of staff with the specific skills necessary, so businesses often seek credible, professional,
and unbiased third-party assessments of their security program.
COVESTIC'S SOLUTION
Covestic provides an enterprise security assessment that examines network/host vulnerabilities, specific application
risks, and security control status. Our security assessments are designed to identify the risks, where they reside,
and what impact they may have on business operations. This provides our clients with an evaluation of their
operational and technical functions as they relate to the overall security posture, vulnerabilities, threats,
and business risk. It also addresses the organization's capability to support a security program from an
operational and technical standpoint.
Covestic has developed a comprehensive process for conducting assessments:
- Covestic first identifies the organizational business structure by interviewing a variety of
individuals to determine the relative importance of critical functions and the assets that support
them. Part of this process also involves identifying a level of risk tolerance for critical functions
and assets.
- With the information gathered, vulnerability information is assessed using soft and hard methods.
The results are then analyzed to determine potential impacts to business operations.
- A gap remediation plan is developed and presented, to be implemented as controls.
- Covestic can also execute validation testing to determine if the controls are functioning
as intended.
The final phase is to make sure there is an ongoing, consistent monitoring effort the client can maintain using staff or contract personnel.
COVESTIC ADVANTAGE
Founded on the principle that seasoned experts representing a combination of consulting and practical
application experience are a critical component of technology-based initiatives, Covestic employs more
than eighty industry-recognized consultants who have fostered the growth of information technology and
related disciplines. Covestic team members are drawn from a variety of well-respected
professional services firms and technology-oriented industry players to compose integrated,
cross-disciplined teams. With expert professionals in all aspects of I.T. security consulting
and business risk management, Covestic teams have successfully designed and implemented security
solutions for local, state, and federal government agencies, and for Fortune 500 firms.
|
