IT Security Risk Assessment

Our Approach

IT Security Risk Assessment

The complete IT security assessment produces recommendations to mitigate vulnerabilities for information systems. Testing is available with adherence to security standards. In addition, security is assessed for information privacy compliance.

Risk analysis is used to determine the appropriate countermeasures for information systems. Recommendations are produced to mitigate risks. Technical approaches are utilized for the internal/external vulnerability tests and detailed reports of vulnerabilities are produced.

The audit and assessment processes are facilitated by the STN portal, which provides remote reporting and facilitates collaboration between STN and your IT staff. The portal includes the capability to input responses for a complete report, including an executive summary.

The objective of the information security assessment is to provide feedback to the customer with respect to its ability to preserve the confidentiality, integrity and availability of the information maintained by and used by the organization.

Using various security frameworks including Octave Allegro, NIST and others, STN will test the use and implementation of security controls used to secure sensitive data.


STN reviews several sets of process controls, technology controls, and physical security controls. In addition, STN will review controls specific to the data in the core applications regulated by industry

Administrative Controls

Reviewing policy, procedures, disaster recovery, business continuity, critical vendors, operations, information security, risk assessment, and regulatory compliance.

External Technical Controls

Analyzing firewall configurations, internet design, exposed services and border devices, internet servers, intrusion detection/prevention systems, and remote access.

Internal Technical Controls

Test performed to identify vulnerabilities on the WAN, LAN, Voice system, internal servers/printers, wireless networks, modems, vendor and partner connectivity, logging analysis and report, data-in-transit and portable devices.

Wireless Controls Review

Identify wireless coverage overreach into non-private areas, identify weaknesses in wireless technical controls, Analyze wireless network architecture, search for rogue access points and analyze wireless security configurations.

Financial Institutions

Electronic Banking Controls
Review controls to gain reasonable assurance best practices and regulatory compliance are met.

Healthcare Providers

Electronic Medical Record Controls
Review your technical environment and the potentials for gaps in your security protecting your patient data.


SCADA System Controls
A deeper technical, physical, and administrative analysis of your technical environment and the potentials for gaps in your security as they relate to FERC, ISO/IEC 27001, ISO 27702, and NIST frameworks.


CJIS Controls Controls
A comprehensive review of all Criminal Justice Information Security controls and where you need to improve to meet CJIS requirements.


NIST 800-171 Controls
A complete evaluation of your ability to protect Controlled Unclassified Information.

“As a small Credit Union, we have very limited staff and time. We need a tool that provides us with a quick and easy way of fulfilling our regulatory assessments. Not only does STN’s tool do the job, but it also allows us to compare against past assessments and reveal trends through our history. This has been very powerful in determining where we have been deficient and where we are excelling. The FFIEC self assessment tool also provides us a quick and easy way to report to our board and our NCUA examiners on our improvements and progress.”

— Information Security Analyst

“STN’s new FFIEC tool simplifies the process of ascertaining risk levels, assessing an organization’s maturity level, and gauging progress needed and made over time. An accessible and intuitive interface makes it easy to use, STN has created a valuable tool for reporting and documenting FFIEC data as it pertains uniquely to your company.”

— Vice President / Information Security Officer

Get in touch

Schedule your risk-free consultation.

Contact us today to speak with an expert about your specific needs.

Stay in the Cloud

Sign Up for Our Newsletter

Sign up for our monthly newsletter for to stay up to date.

Copyright © 2021 STN Inc. All Rights Reserved.