Security
Thorough analysis, assessment and audit of your company’s IT security.

Security Audits are a way to increase information technology (IT) security for your business.
Audits cover all of an organization’s computers, servers, and business processes. They help make an organization aware of IT security issues that may exist within its systems. The System Auditor (SA) needs the full cooperation of the organization being audited. Once the organization grants the SA access to its facilities, provides network access, and outlines detailed information about the network, the SA is able to study security and identify improvements to make the systems secure.
The audit methodology includes the following steps.
Requirement Study and Situation Analysis
This includes initial research of your company’s policies and procedures, applicable laws, and security best practices. The SA then creates a scope document. The scope document includes an audit checklist and an audit strategy, which outlines what is to be looked at and how it will be handled. The scope document is signed and approved by the data owner.
Entrance Conference
In the entrance conference, the scope document is reviewed with key personnel, along with the audit process, audit roles, and the time frame for the audit.
Fieldwork
Fieldwork is done in a systematic manner according to the previously developed checklist. The fieldwork will be defined in the scope document and can include any of a variety of assessments, such as vulnerability, risk, compliance, controls, and gap analysis.
The Report
The Audit Report includes*:
- Introduction of system being audited and background information
- Executive Summary and Management Summary
- Scope and objectives of the assessment
- Requirements for compliance*
- Comparison against existing policies and procedures*
- Limitations of the assessment
- Tools and Methods used to run the assessment
- Description of the network and current environment*
- The vulnerability assessment results*
Risk assessment results include**:
- Identification of assets
- Identification of threats
- Vulnerabilities
- Impact and likelihood of risks
- Risk results analysis
* depending upon the scope
** Risk Assessment implies a vulnerability assessment
Exit Conference
The exit conference will review the report with key personnel and answer questions about the findings. The scope document will be reviewed to demonstrate how the results align with the initial requirements it set forth.
The goal of a security audit is to make sure that the necessary security controls are incorporated into an organization’s process of doing business.
Professional Certifications for those who would handle your Security Audits should include at least one of the following:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- GIAC Certified ISO-17799 Specialist (G7799)
MPICA 201 CMR 17.00 Compliance Service
NSK Inc. provides a compliance assessment service (MPICA™ – Massachusetts Personal Information Compliance Assessment) to organizations in Massachusetts required to comply with MGL Chapter 93H 201 CMR 17.00. This law concerns any Massachusetts organization that stores or maintains personal information about a Massachusetts resident, including employees.
MPICA™ provides a detailed report that explains what your organization will have to do in order to become compliant with the computer system security requirements detailed in 201 CMR 17. Once you have the results of the report, you can choose when and how to carry out the projects.
Related Packages & Services
- NSK Inclusive: The complete bundle of services no business should be without.
- Monitoring: Stay on top of your IT system performance and stability.
- Antivirus: Protection from spam and malware.