Risk Assessment, Gap Analysis & Audits
Completion of a Test of Key Controls, assessing the administrative, technical and physical safeguards in place to protect the organization’s sensitive internal and client information.
Identification of potential internal and external threats to your organization’s information technology infrastructure, within the guidelines of the NIST Cybersecurity Framework.
Assignment of risk ratings for each item tested, with recommendations for mitigating potential information security threats to help reduce the associated risk.
At Intrinium, we recommend Risk Assessments to help organizations understand the risk as it stands in a client’s current environment. The assessments are customized for the needs and controls within an organization; this could include assessing your digital and physical environment, depending on the regulatory requirements and standards. This will also help clients understand potential options and strategies for managing these risks to a level that works for their business continuity.
Risk Assessment is the combined effort of executing the following:
Identifying and analyzing potential (future) events that may negatively impact individuals, assets, and/or the environment (i.e., risk analysis)
Making judgments “on the tolerability of the risk on the basis of risk analysis” while considering influencing factors (i.e., risk evaluation)
Intrinium’s Gap Analysis will be performed to identify problem areas that could result in the failure of an Attestation of Compliance engagement. Intrinium will interface with your staff to simulate testing that would arise during an actual Attestation of Compliance engagement. Items evaluated will include all areas required by the PCI Security Council, HIPAA, FFIEC, GLBA and other regulatory requirements as needed.
Gap Analysis is the combined effort to fully understand where your business stands as it relates to your security posture:
What is the state of our organization at the time of the analysis?
Where do we want to be as an organization?
How are we going to close the gap?
Our reports will address the following:
User Access Control
Risk Management Procedures
Intrinium provides the following solutions:
HIPAA Risk Assessment, Gap Analysis and Audits
NIST CSF Assessment, Gap Analysis and Audits
SANS Top 20 Risk Assessment, Gap Analysis and Audits
PCI DSS Cyber Risk Assessment, Gap Analysis and Audits
We are here to help. Contact us today.