Companies that want to understand their current level of compliance with an industry-accepted framework that provides coverage for SOX Regulations, FFIEC and GLBA Mandates and HIPAA Standards.
Companies in need of a unified compliance framework for corporate governance.
Companies seeking to reduce risk, document compliance performance, and demonstrate security due diligence to auditors, board members and customers.
ISO-17799 Compliance Assessment is an industry-accepted
unified framework for performing a risk analysis
or gap assessment to determine the current level of compliance.
Using a unified framework to perform your
compliance assessments offers consistency across all of the
various regulatory requirements.
ISO-17799:2000, ISO-17799:2002, ISO-17799:2005
and ISO-27001 are based on the following twelve key domains:
Risk assessment and treatment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
Compliance
After an initial call, the Arsenal Security
Group Senior Partner will prepare a statement of work within
2 days and we normally can begin an engagement within two
weeks. During the engagement we will use interviews, questionnaires,
physical tours and technical tools to develop our assessment.
We usually use 1-2 consultants in tandem with our Senior Partner
to complete an engagement. We will provide an executive summary,
a detailed report with all of our findings and recommendations,
and a final onsite presentation. Our engagement is not complete
until all of our deliverables have been reviewed and accepted
by our client.
About Arsenal Security Group
Arsenal Security Group is a security
consulting firm that is focused on close client coordination
and collaboration. From the initial meeting through the final
presentation, one of Arsenal Security Group’s Senior
Partners will be the primary contact for all engagement activities.
We proactively conduct weekly calls with our client when engaged
and meet with clients on a quarterly basis to review and understand
their security posture, even when we are not actively
engaged on assignment, to ensure they are aware of new security
risks or regulatory changes that may impact their business.