TAC The Advisory Council Enabling IT Transformation
Information Security Rapid Review Assessment 
An effective information security program is essential to the operation of every enterprise. Yet most CIOs, CISOs and COOs don't really know if their business operations are secure or not. Our Information Security Rapid Review Assessment is designed to answer this question, by benchmarking your practices against internationally accepted security standards. In addition, the Information Security Rapid Review Assessment will help you meet regulatory requirements that mandate periodic independent assessments of information security controls.
On-Site Expertise Delivery

This affordable, fixed-price offering will enable clients with mature security programs to obtain independent validation of security controls and identification of areas needing remediation. The Information Security Rapid Review Assessment will enable clients starting or rebuilding security programs to identify current-state problems and obtain high-level recommendations on the scope of needed remediation efforts. It applies to clients with one or more compliance requirements, such as PCI DSS, SOX, HIPAA, GLBA and FISMA, as well as to clients with none.

Description

Our Information Security Rapid Review Assessment provides a fast and efficient assessment and analysis of the current information security environment and control maturity, including:

  • Assessment of control maturity for technical, physical and administrative security controls
  • Assessment of information security management controls
  • High-level gap analysis and recommendations for improvement

The assessment is based on the international security standard ISO 27001. The assessment analyzes 133 security controls and 17 security management controls. Evaluation of control maturity is done on a scale of 1–5. Maturity analysis is done through management interviews and document review. At the end of the process, the maturity scores are summarized and improvement recommendations are made for any control with maturity level below 3.

Deliverables

Our offering delivers the following results:

  • Maturity level analysis for security controls in the following domains
    • Security Policy
    • Security Organization
    • Asset Management
    • Human Resource Security
    • Physical Security
    • Operations
    • Access Control
    • Systems Development
    • Incident Management
    • Business Continuity
    • Legal and Regulatory Compliance
    • Security Management
  • Gap analysis and recommendations for improvement

A detailed report will be delivered covering these points, along with a presentation to client management.

Work effort will include on-site and off-site tasks for a total of four days. On-site information gathering will be limited to two days. One day of preparation and one day of report and presentation preparation are also included. TAC assumes that stakeholders are available for interviews during the two days allocated for on-site data gathering. TAC will present its findings and recommendations to the client’s senior management team within seven business days after receipt of all information from the client.

Target Audience

CIO, CISO, COO, CFO

Executives who need to confirm security control levels of the enterprise, either for best practice or for regulatory requirements.

About TAC (The Advisory Council)

Founded in 2002, TAC provides IT organizations with enterprise-wide access to objective, actionable advice for resolving IT challenges and issues. Through its suite of services, products and workshops, TAC helps IT organizations make decisions more quickly and cost effectively. TAC’s Expert Network consists of hundreds of Experts, covering the full range of IT subjects. Clients include Fortune 1000 and midsize companies, government, and educational institutions.

©2002–2012 The Advisory Council Inc. All rights reserved.