health check

headlines

  • security threats materialise as legal and commercial risks
  • fundamental responsibility of Company Management to ensure reasonable measures are taken to mitigate security risks
  • key is a balance between risk mitigation and business priorities in a well-planned security management programme
  • expert independent assessment of security controls and practices:
      • benchmark set and agreed through impact analysis
      • targets for good security relevant to organisation and business environment
      • ISO17799/BS7799 - a proven, comprehensive framework
      • real value from a short, concise audit period, with minimal client disruption


issues

Security threats have the potential to materialise as both legal and commercial risks within an organisation. It is a fundamental responsibility of Directors and all levels of Company Management to ensure that reasonable measures are taken to mitigate such risks.

Risks that materialise can impact an organisation in many ways, undermining the Confidentiality, Integrity and/or Availability of critical information and systems. The scope is wide-ranging, and identification and analysis in some areas will require specialist knowledge. The key is to conduct an objective analysis of the risks and their impact on the assets of the company, and to achieve a balance between risk mitigation and business priorities in a well-planned security management programme. In achieving this, experience and independence are essential to reach true objectivity and to avoid overlooking potentially critical issues while concentrating on others.

The healthcheck is a broad-spectrum assessment of security, using ISO17799/BS7799 as a guiding framework. It should be considered the minimum starting point for any organisation to ensure its commercial and legal responsibilities are addressed.

approach

The healthcheck combines inspection, interview and observation to draw up a picture of the effectiveness of a wide range of information security controls. These include organisational and procedural controls as well as security technology.

The elements are:

  • impact analysis - sets the standard for security achievement based on pain suffered if security fails
  • interviews - meetings with key business staff to evaluate security controls
  • inspection and observation - visit and review of significant locations and facilities
  • documentation overview - completeness and effectiveness of security policies and procedures
  • analyse & report - collation and analysis of data and findings, followed by a report presenting conclusions and recommendations

customer benefits

commissum provides the customer with an expert, independent assessment of the effectiveness of their security controls and practices.

  • benchmark set and agreed early in the exercise through the impact analysis
  • targets for good security practice defined - relevant to the organisation and its business environment
  • ISO17799/BS7799 provides a proven and comprehensive scoping framework
  • standard commissum processes and report formats reduce set-up overheads and timescales
  • real value from a short, concise audit period, with minimal client disruption

Note: You can download details of this service as an Adobe Acrobat PDF by clicking on the button above. If you do not already have Acrobat Reader, you can download it for free from the downloads page.

© 2001-2008 commissum