Information Security Risk Assessment

True’s information security assessment will identify what you are currently doing to protect your information, assess its effectiveness against industry standards, inform you of your current risk, and give you customized priorities for moving your company toward an improved security posture. The assessment is based on the information security principles defined in the internationally recognized standard ISO/IEC 27002 (formerly ISO/IEC 17799:2005).

A True Information Security Risk Assessment looks at your business holistically. True’s certified professionals will interview key personnel across your organization, examining the following areas:

Procedural Security
  • Information Security Policies and Documentation
  • Operational Procedures and Responsibilities
  • Organization of Information Security
  • Third Party Management
  • Personnel Security & User Training & Awareness
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance
Technical Security
  • Protection Against Mobile and Malicious Code
  • Back-up
  • Electronic Commerce Services
  • Monitoring
  • User Access Management
  • Access Control
  • Correct Processing in Applications
  • Cryptographic Controls
  • Technical Vulnerability Management
  • System Planning and Acceptance
  • Software Development and Control
Physical Security
  • Secure Areas
  • Inventory
  • Information Classification and Handling
  • Secure Disposal
  • Environmental Security
  • Offsite Protection
Upon completion, you will receive a comprehensive report detailing the findings and recommendations for each area investigated, as well as a high-level picture of your company’s overall status. True will develop a customized remediation road map based on the gaps identified. True’s report will equip you with the knowledge necessary to reduce your company’s risk. Contact True to learn more.