Checking the security environment is a service that includes an overview of the effectiveness of the security measures that were implemented in the system, and prescribing measures that are missing. Security measures are compared with selected standards and safety measures to march satisfy the requirements of safety standards in the system.
For the shortcomings of which are identified, ie. The measures needed to meet the standard in a high percentage, together with the Client agree on steps for implementation, which can be technically and organizationally.
Areas of practical control:
- Logical security / Access control
- Physical security and environmental safety
- Security operations
- Protection of communications
- Acquisition, development and maintenance of the system
- Management of information security incidents
- Business continuity
The areas of organizational control:
- Information security policy
- Organization of information security
- Safety of human resources
- Relations with suppliers
- Property Management