Information Security Assessments

Assess, evaluate and enhance your overall security posture

Ntrust Advisory delivers Information Security Assessments that allow organisations to assess, evaluate and enhance their overall security posture. This enables security, operations, organisational management and other personnel to collaborate and view the entire organisation from a threat actor’s perspective. This process is required to obtain management’s commitment to allocate resources and implement the appropriate security solutions.

As part of the Information Security Assessment, a comprehensive Risk Assessment assists in identifying and determining the value of the various information assets generated and stored across the organisation. This allows organisations to take a risk-based approach to enhancing their control environment.

Information Security Assessments can be done against a variety of standards or frameworks, including ISO27001, CIS 20, NIST Cybersecurity Framework and PCI DSS.

Ntrust Information Security Assessment Approach

Methodology

Ntrust Advisory follows a risk-based approach to all Information Security Assessments, allowing for the prioritisation of controls and recommendations based on the most critical risk factors facing the organisation.

Although this approach is not a substitute for legal compliance, it can help organisations decide how to prioritise risks, determine and allocate budgets and make good decisions on the kinds of issues on which they need to focus.

Assess
Respond
Protect

Assessment Objectives

Regulatory

Regulatory requirements are driving organisations to re-assess their security posture. Although regulations do not always prescribe how to control or secure systems, they often require that systems be secured appropriately and that organisations can demonstrate through audit that their security and control infrastructure is adequate and effective. Independent Information Security Assessments can help provide this evidence.

Productivity

Information Security Assessments will enhance the productivity of IT operations, security and audit. A formalised review, remediation and implementation plan will drive operational efficiency.

Communication

By acquiring information from multiple parts of an organisation, an Information Security Assessment boosts communication and expedites decision making regarding security projects, implementation and business needs.

Cost Justification

Added security usually involves additional expense. Since this does not generate easily identifiable income, justifying the expense is often difficult. An effective Information Security Assessment process should inform key business executives on the most critical risks associated with the use of technology and facilitate justification for security investments.

Breaking Barriers

Information Security requires a collaborative approach from both business and IT. Organisational management is accountable for making decisions that relate to the appropriate level of security for the organisation. The IT staff are responsible for making decisions that relate to the implementation of the specific security requirements for systems, applications, data and controls. An independent Information Security Assessment can break the perceived barriers between organisational management and IT.

Assessment Types

These assessment types can be customised or combined to suit particular requirements.

Security Controls Assessment

An analysis of applicable implemented security controls in your environment against a desired state of controls as set forth by a selected framework or best practice. This assists in compliance and alignment efforts embarked upon by the organisation.

Risk Assessment

Often seen as the first step towards an effective information security program, a risk assessment determines the risk that your information assets are exposed to and includes an industry-specific threat assessment and gap analysis of security controls, based on your selected framework or best practice.

Vulnerability Assessment

A broad technical assessment designed to find as many of the vulnerabilities as possible that are currently present in an environment. This assists in verifying the perceived security maturity and implemented control effectiveness while highlighting possible blind-spots or shortcomings.

Penetration Test

Each penetration test has clear goals set as deliverables. These tests mimic the actions a threat actor might take to compromise your information assets. The goal could be to obtain some clearly defined confidential information or gain unauthorised access to a particular system, thereby delivering insight to an organisation as to potential weaknesses.

Incident Response Assessment

A readiness assessment to evaluate an organisation’s ability to respond to an information security incident in an effective and pragmatic manner. At Ntrust Advisory, we believe in the concept of “Continuous Response” and we assist organisations in maturing their Incident Response programs from a reactive to a continuous one.

Information Security Assessment

A complete assessment consisting of a risk assessment, gap analysis, technical vulnerability assessment, penetration test, risk register and treatment plan or roadmap.

Get in touch to enhance your overall security posture