Security Health Check
commissum's health check provides an independent assessment of your information security threats via an information security gap analysis.
Security health check issues
Security threats have the potential to materialise as both legal and commercial risks within an organisation. It is a fundamental legal responsibility of Directors and all levels of Company Management to ensure that reasonable measures are taken to mitigate such risks.
Risks that materialise can affect an organisation in many ways, undermining the confidentiality, integrity and/or availability of critical information and systems. The scope of the health check is wide-ranging, and identification and analysis in some areas will require specialist knowledge.
The key step is to conduct an objective analysis of the risks and of their impact on the assets of the company, and then to achieve a balance between risk mitigation and business priorities in a well-planned security management programme. In this, experience and independence are essential, to achieve true objectivity and avoid overlooking potentially critical issues.
The healthcheck is a broad-spectrum assessment of security, using ISO27001/2 as a framework. It should be considered the minimum starting point for any organisation to ensure its commercial and legal responsibilities are addressed.
Approach
The healthcheck combines inspection, interview and observation to draw up a picture of the effectiveness of a wide range of information security controls. These include organisational and procedural controls as well as security technology.
The elements are:
- Impact analysis: Sets the standard for security achievement based on the impact suffered if security fails.
- Interviews: Meetings with key business staff to evaluate security controls.
- Inspection and observation: Visit and review of significant locations and facilities.
- Documentation overview: Assessment of the completeness and effectiveness of security policies and procedures.
- Analyse and report: Collation and analysis of data and findings, followed by a report presenting conclusions and recommendations.
Security health check customer benefits
commissum provides the customer with an expert independent assessment of the effectiveness of their security controls and practices.
- Benchmark set and agreed early in the exercise through the impact analysis.
- Targets for good security practice defined, relevant to the organisation and its business environment.
- ISO27001/2 provides a proven and comprehensive scoping framework.
- Standard commissum processes and report formats reduce set-up overheads and timescales.
- Real value from a short audit period, with minimal disruption.
"commissum recently provided invaluable advice and support, ensuring the success of our secure remote access project, and has provided us with annual penetration testing and managed service scanning for several years. I would happily recommend commissum to others for their professionalism and quality of service."
Mr Tim R, IT Director, International Law Firm