℅ 5b/3 Central Avenue
4 Fundamental Questions
Overall there are 4 fundamental questions that need to be asked about security, they naturally flow from the top of the organisation down.
Does the Company security policy comply with legislation and support overall organisational objectives and values?
Do the company's business procedures and business processes uphold the company security policy?
Do the controls enforce the company security policy?
Does the data security model support enforcement of the company security policy?
Designing IT Solutions centre our approach around 5 pillars: –
- Assessment of potential security risks
- Prevention of these risks
- Detection of breach events
- Reaction to breach events
- Recovery from breach events
We understand that security is about more than the software that your company uses. Security is a complex layering of controls, some of these are about hardware and software, but just as important are the people and processes within the organisation.
Final Report – Data Security Control Review
The final report structure is as follows: The final report will provide:
- An enterprise list of the major data information assets that need protection.
- An enterprise list of vulnerabilities that each data asset would be in danger from.
- A calculation of likelihood and organizational impact for each identified asset.
- A list of the existing controls for each asset that mitigate risk.
- An assessment of the effectiveness of the list of controls in terms of adequacy.
- A road map in terms of fixing the gaps and the way forward.