Risk Assessment, Gap Analysis & Audits
Gap Analysis
Completion of Test of Key Controls, assessing the administrative, technical and physical safeguards in place to protect the organization’s sensitive internal and client information.
Audit
Identify any potential internal and external threats as it relates to your organization’s information technology infrastructure as within the guidelines of the NIST Cybersecurity Framework.
Risk Assessment
Assignment of risk ratings for each item tested, share recommendations for mitigating potential information security threats to assist with the reduction of associated risk.
Risk Assessment
At Intrinium, we recommend Risk Assessments to help organizations understand the risk as it stands in a client’s current environment. The assessments are customized for the needs and controls within a organization, this could include assessing your digital and physical environment depending on the regulatory requirements and standards. This will also help clients understand potential options and strategies for managing these risks to a level that works for their business continuity.
Risk Assessment is the combined effort of executing the following:
Identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e., risk analysis)
Making judgments “on the tolerability of the risk on the basis of risk analysis” while considering influencing factors (i.e., risk evaluation)
Completion of Test of Key Controls, assessing the administrative, technical and physical safeguards in place to protect the organization’s sensitive internal and client information
Identify any potential internal and external threats as it relates to your organization’s information technology infrastructure as within the guidelines of the NIST Cybersecurity Framework
Assignment of risk ratings for each item tested, share recommendations for mitigating potential information security threats to assist with the reduction of associated risk
Gap Analysis
Intrinium’s Gap Analysis will be performed to identify problem areas that could result in the failure of an Attestation of Compliance engagement. Intrinium will interface with your staff to simulate testing that would arise during an actual Attestation of Compliance engagement. Items evaluated will include all areas required by either the PCI Security Council, HIPAA, FFEIC, GLBA and other regulatory requirements as needed.
Gap Analysis is the combined effort to fully understand where your business stands as it relates to your security posture:
What is the state of our organization at the time of the analysis?
Where do we want to be as an organization?
How are we going to close the gap?
Audit
Intrinium’s Audit will be performed to examine the management controls within an Information Technology infrastructure and provide a comprehensive review of an organization’s adherence to regulatory guidelines. Our Auditors will work with your team to evaluate the state of your organization as it relates to all areas required by either the PCI Security Council, HIPAA, FFEIC, GLBA and other regulatory requirements as needed.
Our reports will address the following:
Compliance Preparations
Security Policies
User Access Control
Risk Management Procedures
Intrinium provides the following solutions:
HIPAA Risk Assessment, Gap Analysis and Audits
NIST CSF Assessment, Gap Analysis and Audits
SANS Top 20 Risk Assessment, Gap Analysis and Audits
PCI DSS Cyber Risk Assessment, Gap Analysis and Audits
We are here to help, contact us today.
Best Practices: Fortinet FortiGate Firewall Hardening
By Sahan Fernando - Director, Managed Security - Intrinium As business needs continue to develop, many organizations are turning to devices to effectively provide availability, confidentiality, and integrity for their networks. The buzz around “next-gen” firewalls is...
Understanding Incident Response, Planning and Cyber Insurance
In less than one year, we’ve seen whole cities taken out by ransomware with no business continuity or disaster recovery plan in place to bring themselves back up- but it’s not just cities that don’t have a plan for when a catastrophe (digital or physical) hits.
Having a plan to restore business operations will save time, money, and stress, but that’s half the equation. The other half is to practice the plan, make sure all the moving pieces fit together and make sure everything is practical and timely. Enough businesses have spent six digits or more due to not having an incident response plan- set your business and your industry apart.
Incident Response Plans: More Planning, Less Panic
In less than one year, we’ve seen whole cities taken out by ransomware with no business continuity or disaster recovery plan in place to bring themselves back up- but it’s not just cities that don’t have a plan for when a catastrophe (digital or physical) hits.
Having a plan to restore business operations will save time, money, and stress, but that’s half the equation. The other half is to practice the plan, make sure all the moving pieces fit together and make sure everything is practical and timely. Enough businesses have spent six digits or more due to not having an incident response plan- set your business and your industry apart.
Multi-factor Authentication 101
Multi-factor authentication (MFA) is a method of authentication in which a computer user is given access after presenting two or more pieces of evidence or factors to an authentication mechanism.
The Case for Password Management Software
Password Managers do just that, allowing you to almost outsource the storing, memorization, and generation of passwords while maintaining only a single password that you have to remember to access the rest.
The Low Down on Intrusion Prevention and Detection Services
By Samantha Agather, Information Security Analyst - Intrinium The Low Down on Intrusion Prevention and Detection Services In an ideal world, companies could focus all their time and resources on their products and services. However, our world is far from perfect, and...
Tribe of Hackers Interview with Kylie
Chiara Morrison, Marketing, Manager sat down to interview Manager, Security Consulting, and the founder of DC509, Kylie Martonik to talk about her contribution to the new the book, Tribe of Hackers.
IT Management Improves Productivity, Enhances Performance, and Boosts ROI
One of the easiest and most effective ways to boost your organization’s performance metrics might be to hand the management of your network over to a highly qualified firm. When it comes to operationalizing your network, a business’ managed IT services provider can...
Capture the Flag Comes to Spokane
Chiara Morrison - Manager, Marketing Spokane Mayor's Cyber Cup 2019 Chiara Morrison sat down to interview the creator of Spokane Mayor’s Cyber Cup 2019, Max Dulin, Senior at Gonzaga University, Computer Science Major. Chiara: Max, can you tell me a little bit about...
What is an Internal Vulnerability Test?
Chiara Morrison - Manager, Marketing What is an Internal Vulnerability Test? The Intrinium Internal Vulnerability Assessment evaluates IT security from the inside of your organization and identifies critical vulnerabilities that could be exploited by attackers that...