Security Program Assessment and Development Services

The Ingenuity Security Program Assessment and Development service provides a high-level assessment of how an organization manages the security of its information systems, and identifies key vulnerabilities and inherent risks. We recommend practical security best practices for the organization, with a specific emphasis on addressing those key vulnerabilities and risks.

We conduct this assessment with an awareness of the regulatory requirements and certification guidelines that apply to your business, such as Sarbanes-Oxley, HIPAA, and SAS 70, and/or the variety of Federal, State and Local Identity Theft Protection Acts that are emerging across the country.

As required by many of these regulations, guidelines and certifications, we work with your organization to develop, augment or replace security policies that specifically address the regulatory requirements, while guiding the organization in developing a security framework that is achievable and ultimately successful in protecting the organization's information assets.

Our approach to Security Program Assessment and Development includes the following steps:

1.       Conduct a Threat Analysis

          • Assess compliance requirements with relevant laws (HIPAA, Identity Theft, etc.)
          • Assess compliance requirements with relevant industry standards (PCI, NACHA, etc.)
          • Identify assets that need to be protected (personal information, strategic company data, strategic systems, paper documents, etc.)
          • Examine administrative, technical & physical policies and procedures
          • Evaluate Security Architecture (network, software, data, etc.)
          • Conduct network and application penetration analysis
          • Assess the overall risk to the organization

2.       Develop Written Security Policies and Procedures

Administrative

          • Assigned responsibility for security
          • Measures for risk prevention, reduction and control
          • Workforce compliance (employees, contractors)
          • Security incident management, reporting & disclosure
          • Disaster recovery and business continuation
          • Periodic evaluation and revision

Technical

          • Software design
          • Network design
          • Information processing
          • System access control
          • Data integrity
          • Audit controls

Physical

          • Facility access control
          • Maintenance records
          • Document management
          • Device and media controls

3.       Recommend Technical and Physical Safeguards

4.       Implement a Security Awareness Program

          • Develop training materials
          • Conduct security awareness training sessions or develop train-the-trainer guidelines

Ingenuity is vendor neutral and does not resell security products or services.