The Information Security Healtcheck a broad scope assessment of the current information security state of a company or organisation. While it does not go into the depth of penetration testing or specialised ISMS reviews, it has a much wider sweep tying together management, technical and personnel-centric threats, risks and controls. It will help you to determine which information security areas need immediate attention and how the major shortcomings should be addressed.

The Aims:

• identify major or strategic information security flaws via an established gap analysis methodology
• determine and prioritise risks presented by such flaws
• suggest a roadmap outlining the most business-effective ways of rectifying these risks

The Benefits:

• broad scope analysis of your current security posture
• discovery and elimination of major information security flaws
• assistance at determining effective security strategies, programs, and plans
• help in selecting the optimal security services and solutions to mitigate the uncovered risks
• establishing good security practices with minimal client disruption and cost
• resolving relevant regulatory and compliance issues ranging from Data Protection Act to ISO27001:2005, FSA Annex 1 and PCI DSS

The Information Security Healthcheck scope:

• security strategies, programs and plans
• security standards and policies
• compliance and regulatory needs and demands
• security operations and procedures
• business continuity plans and implementations
• data classification and distribution
• network architecture security
• system and network management and maintenance security
• end-point and remote access security
• software development security
• physical security controls
• personnel security awareness and training

The methodologies used:

• on-site interviews with the key personnel responsible for information and IT security
• brief but precise questionnaires to be filled by such employees
• security documentation reviews
• security reviews of network diagrams, data flow charts etc.
• security inspection and analysis of processes and operations
• on-site inspection of relevant facilities
• wired and wireless host discovery and vulnerability scanning
• compliance profiling
• high level risk analysis (similar to the OCTAVE)
• strategic risk reduction plan generation

The Deliverables:

• The Information Security Health Check report that includes:

- Risk & Gap Analysis
- Risk Reduction Plan

Arhont are industry leaders in information security, and together with our corporate experience we deliver a very cost effective Information Security Healthcheck. The Healtcheck provides a broad scope assessment of your company’s Information Security status, which is based on international standards for information security and industry best practices.

This scope of this service includes:

• security strategies, programs and plans
• security standards and policies
• compliance and regulatory needs and demands
• security operations and procedures
• business continuity plans and implementations
• data classification and distribution
• network architecture security
• system and network management and maintenance security
• end-point and remote access security
• software development security
• physical security controls
• personnel security awareness and training

Understanding your current exposures and the real effectiveness of controls arms you with the information you need to safeguard your companies assets.

This fixed price service is just £1995* for a single site study. Additional sites will be charges at a discounted £995 per day, giving a discount of nearly 20% over our standard rates.

*Note, this service price assumes two days of work and covers most SME and large organisations, however for very large or complex sites we will provide pricing details after completion of a questionnaire.

Download a factsheet on this service here InfoSec Healthcheck