Compliance Gap Assessment & Planning. A gap assessment is a comparison between current controls and required controls. It differs from a risk assessment in that it does not require an analysis of the impact of the gaps found. This service is useful for organizations preparing to comply with a specific regulation or set of security requirements. Lantego provides gap assessments for specific regulations: NIST Cybersecurity Framework, HIPAA, PCI DSS, SOX (COBIT), GLBA, ISO/IEC 27001/2, NERC CIP, and NIST 800-53 (FISMA).

  • HIPAA Security & Privacy Gap Analysis
  • PCI DSS Gap Assessment
  • ISO 27002 Gap Assessment
  • FISMA / NIST 800-53 Gap Assessment
  • NIST CSF Gap Assessment
Doug Landoll is a leader in security risk assessments.

Security Risk Assessment. A security risk analysis (or assessment) is an objective analysis of the effectiveness of the current security controls that protect an organization's assets and a determination of the probability of losses to those assets. A security risk assessment is a required element of many information security regulations (NIST Cybersecurity Framework (CSF), HIPAA, GLBA, SOX, ISO/IEC 27001/2). Security risk assessments differ from gap assessments in that additional tasks are added to determine the impact on corporate assets. These additional tasks allow for a prioritization of recommended countermeasures.

  • HIPAA Meaningful Use Security Risk Assessment
  • PCI DSS Security Risk Assessment
  • FISMA / NIST 800-53 Security Risk Assessment
  • NIST CSF Security Risk Assessment

Crown Jewels Assessment. Seventy percent (70%) of an organization's asset value is contained in less than 2% of its data. These “crown jewels” require the most rigorous protection. A Crown Jewels assessment limits the scope of a security risk assessment to the company’s key assets and is an extremely effective assessment approach.