Organizations must ensure effective application and operation of controls through independent security assessments.
Compliance Gap Assessment & Planning. A gap assessment is a comparison between the controls currently in place and the controls a regulation or standard requires. It differs from a risk assessment in that it does not analyze the impact of the gaps it finds. This service is useful for organizations preparing to comply with a specific regulation or set of security requirements. Lantego provides gap assessments for specific regulations and frameworks: the NIST Cybersecurity Framework, HIPAA, PCI DSS, SOX (COBIT), GLBA, ISO/IEC 27001/27002, NERC CIP, and NIST SP 800-53 (FISMA).
- HIPAA Security & Privacy Gap Analysis
- PCI DSS Gap Assessment
- ISO 27002 Gap Assessment
- FISMA / NIST 800-53 Gap Assessment
- NIST CSF Gap Assessment
Security Risk Assessment. A security risk analysis (or assessment) is an objective analysis of how effectively the current security controls protect an organization's assets, combined with a determination of the probability of losses to those assets. A security risk assessment is a required element of many information security regulations and frameworks (NIST Cybersecurity Framework (CSF), HIPAA, GLBA, SOX, ISO/IEC 27001/27002). Security risk assessments differ from gap assessments in that additional tasks determine the impact of each finding on corporate assets, which allows the recommended countermeasures to be prioritized.
- HIPAA Meaningful Use Security Risk Assessment
- PCI DSS Security Risk Assessment
- FISMA / NIST 800-53 Security Risk Assessment
- NIST CSF Security Risk Assessment
- FFIEC CAT
- ISO 27001:2013
Remote Cybersecurity Risk Assessment. Small to medium businesses (SMBs) face the same (if not more) information security regulations, technology, and threats as larger businesses, but without a large budget for an independent risk assessment. To serve this market, Lantego has created a remote cybersecurity risk assessment process. This process greatly reduces the price of the assessment by eliminating onsite observations and interviews, using survey-based interviews instead, and simplifying the final report. The service is limited to SMBs and to a single regulation or framework (e.g., HIPAA Security, PCI DSS v3.2, FISMA/NIST 800-53, NIST CSF, FFIEC CAT, or ISO 27001:2013).
Crown Jewels Assessment. Seventy percent (70%) of an organization's asset value is contained in less than 2% of its data. These "crown jewels" require the most rigorous protection. A Crown Jewels assessment limits the scope of a security risk assessment to the company's key assets, which makes it an extremely effective assessment approach.