HIPAA/HITECH
Required of any organization that stores, processes, or transmits “Protected Health Information (PHI)”
Many organizations begin their development of an information security program with the driver of becoming compliant with a specific regulation. This regulation-specific approach requires the establishment of a baseline of the current controls, commonly called a “gap assessment”. EdgeTeam provides single-regulation or multi-regulation gap assessments for a number of regulations and security standards.
Risk management is often treated as a compliance issue, and many companies do a great job managing financial and compliance risks. However, truly understanding the risks posed to strategic initiatives and to information security requires a different approach. Analyzing risk in the planning phases of a new business initiative involving new IT systems and application rollouts is still a struggle for many organizations. Rarely do we encounter a customer who has a stated risk tolerance as it pertains to information security, until after we perform our analysis.
We are equipped with the experience to educate information security professionals on how to quantify risk and speak the language of finance in terms that the business will understand, and we provide processes and programs that manage the dynamics and variability of information security risk quantification.
Our risk assessment and analysis services provide a detailed description of the organization’s current state, including the identification, analysis, and quantification of the following:
Once the current state is defined and understood, we help the organization to envision and define a future risk posture, to make plans to achieve that future state, and to manage the future risk state according to the organization’s explicit risk appetite and risk tolerance.