Organizations must ensure effective application and operation of controls through independent security assessments.
Compliance Gap Assessment & Planning. A gap assessment is a comparison between current controls and required controls. A gap assessment differs from a risk assessment in that it does not require an analysis of the impact of the gaps found. This service is useful for organizations preparing to comply with a specific regulation or set of security requirements. Lantego provides gap assessments for specific regulations: NIST Cybersecurity Framework, HIPAA, PCI DSS, SOX (COBIT), GLBA, ISO/IEC 27001/2, NERC CIP, and NIST 800-53 (FISMA).
- HIPAA Security & Privacy Gap Analysis
- PCI DSS Gap Assessment
- ISO 27002 Gap Assessment
- FISMA / NIST 800-53 Gap Assessment
- NIST CSF Gap Assessment
Security Risk Assessment. A security risk analysis (or assessment) is an objective analysis of the effectiveness of the current security controls that protect an organization's assets and a determination of the probability of losses to those assets. A security risk assessment is a required element of many information security regulations (NIST Cybersecurity Framework (CSF), HIPAA, GLBA, SOX, ISO/IEC 27001/2). Security risk assessments differ from gap assessments in that they include additional tasks to determine the impact on corporate assets. These additional tasks allow for a prioritization of recommended countermeasures.
- HIPAA Meaningful Use Security Risk Assessment
- PCI DSS Security Risk Assessment
- FISMA / NIST 800-53 Security Risk Assessment
- NIST CSF Security Risk Assessment
Crown Jewels Assessment. Seventy percent (70%) of an organization's asset value is contained in less than 2% of its data. These “crown jewels” require the most rigorous protection. A Crown Jewels assessment limits the scope of a security risk assessment to the company’s key assets and is an extremely effective assessment approach.