Cybersecurity Assessments Based on Other Frameworks
In addition to the NIST CSF, PIRC can identify gaps between your environment and these cybersecurity frameworks: HIPAA Security Rule, NIST SP 800-171, PCI DSS, and GDPR. All of our cybersecurity assessments provide recommendations for improvement, giving your organization actionable steps to close those gaps.
PIRC’s security assessments are performed by Certified Information Systems Security Professional (CISSP)-certified cybersecurity consultants, so you know you’re getting only the best and most pertinent advice.
Our security assessments are more than just a cursory review of technology. The three phases of our security assessments are:
Documentation Collection & Review
This phase is intended to give PIRC’s cybersecurity consultant a security perspective to aid in leading personnel interviews and other data collection. We will collect and review the following items:
Policies – Written information security policies such as acceptable use, backup, incident response, and access control will be collected by the client and transferred securely to the cybersecurity consultant.
Procedures – Documentation on procedures will be collected by the client and transferred securely to the cybersecurity consultant. Examples of procedures to be collected include:
Data backup procedures/steps
HR onboarding / user creation process
Process for revoking user rights upon employment termination
Processes for granting user access to various workflows and file shares
Procedures for determining the health of various systems
Diagrams and configurations – This will include collection of physical and logical networking diagrams, application-level data flow diagrams, and configurations of critical systems.
Previous assessment outputs, if they exist – Any recent security assessment, penetration testing, or vulnerability assessment output will be considered an input in this project for context and historical analysis.
Our cybersecurity consultant will work with you to determine who should be involved in interviews. It is important to gather a representative sample of the workforce population, people in different roles within the organizational hierarchy, and people using different data workflows. We’ll do the following during a cybersecurity assessment service engagement:
Document current status and write remediation recommendations where cybersecurity maturity is lacking and improvement opportunities exist
Each interview typically takes 1-2 hours to complete
Interviews may be recorded to ensure thoroughness (recordings are used for the sole purpose of conducting your project, and will be destroyed after project completion)
If you are interested in Cybersecurity Assessment Services, contact us for a complimentary telephone consultation.