Sign In
SecureState home
SecureState
Skip navigation links
About Us
Audit & Compliance
Profiling
e.Discovery
Risk Management
Government
Skip Navigation LinksSecureState > Audit & Compliance > INFOSEC


Skip navigation links
Audit & Compliance
Audit & Compliance
INFOSEC
Payment Card Industry
NERC CIP
ISO 27001
ITIL Security
HIPAA
TG-3
SAS 70
SOX
GLBA
External CPA Support
Control Framework Review
Cross Compliance Mapping
Continual Compliance
AC Training
Contact Us
Careers
Clients By Industry
Competitive Landscape
Media Center
Free Tools
Events
FAQ
Blog

INFOSEC 


Risk Assessments are the first step to finding out what information you need to protect.  They help you identify what data you need to protect, the controls around that data and the risk level of each of those areas. SecureState offers two separate INFOSEC services: Business Area and Business Process.

Why we're the best:

  • SecureState’s INFOSEC Risk Assessment conforms to the National Security Agency’s (NSA) Information Assessment Methodology (IAM)  
  • During the INFOSEC Risk Assessment, SecureState’s consultants identify critical assets and define the requirements to protect those assets
  • SecureState will develop an understanding of the environment and business processes, allowing SecureState to map out a critical information process and determine if an associated vulnerability will have a direct business impact 

Business Area INFOSEC What we do:

1. SecureState Compliance Framework (For more info click here)

2. Interview Business Area Owner for Security Perspective and Asset Criticality

During these interviews, SecureState's consultants will identify what each business area owner is doing to secure their assets and identify what level of importance the assets in those areas carry.

Business Process What we do:

1. SecureState Compliance Framework (For more info click here)

2. Meet with business owner for overview of key business process

SecureState's consultants will meet with each line of business owner to discuss the process in place for that business and learn how they use the data.

3. Meet with the administrators for detailed data flow, systems, architecture and security

SecureState's consultants will discuss with the administrators how the underlying infrastructure supports and protects the data important to each line of business

What you get:

1. SecureState Compliance Deliverables (For more info click here)

2. Gap Analysis

SecureState's consultants will provide an analysis of the Gaps between your current state and your desired state as they pertain to the 16 points. 

 

 3. Certificate of Annual Risk Assessment

SecureState will provide a certificate that demonstrates your company is concerned about security.  This certificate demonstrates due diligence to customers and business partners.

 

 

 

 
For more information download the PDF version of the INFOSEC

Assessments do not mitigate risk! They simply identify it!

The INFOSEC Assessment deals with 16 parts of security:

1. Information Security Standards and Policies

2. Organizational Security

3. Asset Classification

4. End User Computing Security

5. Physical / Environmental Security

6. Remote / Mobile Computing Security

7. Network Security

8. Application Development Security

9. Business Continuity Planning (BCP)

10. Information Security Awareness

11. Incident Response Plan (IRP)

12. Operating System Security

13. Wireless Security

14. External Presence Security

15. Voice Communication Security

16. Governance and Compliance


Virtual Compliance Officer

SecureState will utilize its proprietary tool, the Virtual Compliance Officer, to develop a GAP analysis for the 16 points of security (sidebar).  This will identify the gaps between your company’s current state and desired state (link to states of security page). 


Chat Live with SecureState

Website designed and developed by SecureState, © 2008 SecureState LLC. All rights reserved. | Privacy Policy | Report discrepancy