In the current security climate, it is important to assess where your company stands in the midst of increasing Government Legislation for same, increasing liability issues, and the ever increasing need to protect your assets whether it be loyal staff, sensitive data, costly infrastructure, inventories, or other types of assets.
- What is the Threat Level facing the company?
- There is a substantial difference in cost and manpower between State Sponsored Terrorists and Vandals.
- What are the company’s most Critical and Important Assets?
- It is not possible to protect everyone and everything. What are the most important assets for the company?
- Are the company’s security systems and measures based on sound Design Criteria, and accepted standards and guidelines within the Security Industry?
- If not, and in the event of an incident, the company may face difficulty, in defending itself in any legal action, particularly from Alleged Negligence.
- Do the employees take Safety and Security for granted?
- Security Awareness, and Crisis Control training could be the difference between prevention, and having to deal with the consequences of an event.
- Is there an Emergency Messaging System in Operation?
- Violence in the Workplace is increasing, and an effective Instant Alert system could significantly reduce the risk of such events. There is also legislation in many States mandating such systems for Education establishments and others.
- Are Current Security Measures based on the results of a Security Vulnerability Assessment (SVA)?
- Almost all security legislation requirements include a professional SVA, and for good reason.
- Does the company Test and Evaluate its Security Measures on a Regular Basis?
- What regulatory requirements do I have to comply with regarding data security?
- Examples include Sarbanes Oxley, PCI-DSS (processing credit cards), HIPAA, state identity theft prevention laws, and others.
- What are the ramifications of non-compliance, or data breach?
- The company could face Fines, Loss of Reputation, Loss of Business Functions (e.g. processing credit cards), Cost of Client Reimbursement for ID theft protection, etc.
- What is the company’s Information Security Status at this moment?
- Has the company carried-out Substantive Testing of Existing Policies/Procedures (or lack thereof)? Has the company conducted penetration testing, or social engineering checks, or executed a wireless technology audit?, etc.
- If Tests have been conducted, has the company taken action to Improve its Position?
- Password policy, data segregation/classification, acceptable usage policies, incident response plan, disaster recovery plan, etc.
- How Often does the company Monitor its Position with respect to Data Security?
- Information Technology operates within a very Real-Time Environment.
What can be done at reasonable cost, to ensure that the company is adequately protected?
Wivenhoe Group can provide any, and all of the following:
- Vulnerability & Threat Assessments
- Security Training
- Security Oversight
- Security Commissioning
- Security Audits
- Specialist Data Security Services
- Design Engineering & Design Criteria