Security Health Check

Overview
The ISO 27002 Security Assessment is a professional security assessment that utilizes the ISO 27002 control framework.
This assessment focuses on security (and overlapping privacy) policies, procedures, physical access controls, technical access controls and internet/intranet controls. The assessment provides management with an opinion on which areas the organization may need to focus resources on to reduce its current level of risk.
This service can be customized to address areas of risk relevant to PCI, HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, FISMA, and FERPA.
The ISO 27002 framework is an internationally accepted code of practice/standard for information security management. The standard is applicable to organizations of all sizes in all types of industries. It addresses a specific set of recommended controls covering information security risks as related to accessibility, confidentiality, and integrity.
The ISO 27002 assessment is designed to review an organization’s current information security as it relates to the controls outlined in the ISO standard.
Deliverable
The deliverable from this project is a detailed report showing our findings for each of the ISO controls along with a risk-based score. A detailed list showing suggested remediation steps is included.
Features
All engineers have CISSP, CISA, and PCI QSA certifications
Web-based collaboration site used for project communication (Tasks, Documents, Milestones, Discussions)
Great References
State-of-the-art lab for payment application testing and forensic analysis


















