Our Approach
IT Security Risk Assessment
The complete IT security assessment produces recommendations to mitigate vulnerabilities for information systems. Testing is available with adherence to security standards. In addition, security is assessed for information privacy compliance.
Risk analysis is used to determine the appropriate countermeasures for information systems. Recommendations are produced to mitigate risks. Technical approaches are utilized for the internal/external vulnerability tests and detailed reports of vulnerabilities are produced.
The audit and assessment processes are facilitated by the STN portal, which provides remote reporting and facilitates collaboration between STN and your IT staff. The portal includes the capability to input responses for a complete report, including an executive summary.
The objective of the information security assessment is to provide feedback to the customer with respect to its ability to preserve the confidentiality, integrity and availability of the information maintained by and used by the organization.
Using various security frameworks including Octave Allegro, NIST and others, STN will test the use and implementation of security controls used to secure sensitive data.
IT SECURITY RISK ASSESSMENT PROCESS
STN reviews several sets of process controls, technology controls, and physical security controls. In addition, STN will review controls specific to the data in the core applications regulated by industry
Administrative Controls
Reviewing policy, procedures, disaster recovery, business continuity, critical vendors, operations, information security, risk assessment, and regulatory compliance.
External Technical Controls
Analyzing firewall configurations, internet design, exposed services and border devices, internet servers, intrusion detection/prevention systems, and remote access.
Internal Technical Controls
Test performed to identify vulnerabilities on the WAN, LAN, Voice system, internal servers/printers, wireless networks, modems, vendor and partner connectivity, logging analysis and report, data-in-transit and portable devices.
Wireless Controls Review
Identify wireless coverage overreach into non-private areas, identify weaknesses in wireless technical controls, Analyze wireless network architecture, search for rogue access points and analyze wireless security configurations.
Financial Institutions
Electronic Banking Controls
Review controls to gain reasonable assurance best practices and regulatory compliance are met.
Healthcare Providers
Electronic Medical Record Controls
Review your technical environment and the potentials for gaps in your security protecting your patient data.
Energy
A deeper technical, physical, and administrative analysis of your technical environment and the potentials for gaps in your security as they relate to FERC, ISO/IEC 27001, ISO 27702, and NIST frameworks.
Government
A comprehensive review of all Criminal Justice Information Security controls and where you need to improve to meet CJIS requirements.
Government
A complete evaluation of your ability to protect Controlled Unclassified Information.
Get in touch
Schedule your risk-free consultation.
Contact us today to speak with an expert about your specific needs.
"*" indicates required fields
Stay in the Cloud
Sign Up for Our Newsletter
Sign up for our monthly newsletter for to stay up to date.
Partners
Company
Newsletter
Copyright © 2022 STN Inc. All Rights Reserved.