The Information Security Assessment (ISA) helps businesses understand how they can:
- Protect data
- Enhance internal systems
- Increase user productivity, and
- Protect businesses and customers from malevolent attacks.
The assessment is conducted in-person and on-site based on proprietary questionnaires. It includes, but is not limited to: documentation, personnel interviews, site surveys, and system scans.
The scope of the ISA includes application, system and network vulnerabilities; gaps in IT security governance; assessment of patching methodologies; current network security capabilities and potential existing security incidents. The assessment and reporting will be based on the NIST (National Institute of Standards and Technology) security controls.
After entering into a mutual non-disclosure agreement (NDA) to protect sensitive information, the ASC Group will begin to execute the ISA tasks. These include reviewing documents, interviewing employees, scanning for vulnerabilities, analyzing the network, reviewing the architecture, and other work as needed. This data is compiled into a single ISA Report.
You will be asked to participate in the Security Assessment Questionnaire (SAQ). The SAQ is an in-depth questionnaire that collects information about how your company manages data, protects personally identifying information (PII), and addresses proactive and reactive security practices, among other items. You will also be asked to provide the ASC Group with access and permissions to your systems.
The ASC Group will deliver a high-quality, professional report as part of an in-person presentation. The reports are tailored to your needs and clearly outline the findings and observations of the ISA.
The report includes:
- Assessment Findings
- Potential Business Impact
- Recommendations for Remediation
The reports are designed to be relevant and readable for all levels within an organization: C-Suite, board-level, and technical teams.
Last Update: March 2020