Pricing:
High-level reviews typically range from $5,000 to $7,000
In-depth reviews typically range from $6,000 to $10,000
Pricing varies based on the level of available documentation, number of business units, and additional standards mapped to documented controls
Governance, oversight, and regulatory compliance are key to the success of an organization. Setting expectations through policy, defined procedures, and underlying standards is critical to securing confidential information assets.
To identify and resolve the risks associated with the organization's information security program, it should be assessed for adequacy and effectiveness.
Focused primarily on the design of the organization's security controls, Halock will review the organization's documented information security policies, standards and procedures. Halock will conduct interviews with key organization resources where documentation is unavailable or otherwise deemed appropriate. The objective of the assessment is to ensure that the contents of the security program adequately address the requirements and intent of relevant compliance frameworks and/or standards, such as ISO 27002 or other suitable security frameworks applicable to the organization's requirements.
Each document will be reviewed in terms of overall content, consistency with other policies and standards, effectiveness of specific language or terminology used, intended audience, methods of communication to that audience, and methods of enforcement.
Halock will conduct interviews, as appropriate, with key individuals regarding security policies, procedures, and standards to collect required data for review. Halock can perform an in-depth analysis of the design and content of policies, procedures, and related standards, identifying applicability and compliance with security control objectives.
Solution Overview
ISO 27002 Framework:
Halock will review control objectives from the following ISO 27002 clauses as part of the review:
4: Risk Assessment and Treatment
5: Security Policy
6: Organization of Information Security
7: Asset Management
8: Human Resource Security
9: Physical and Environmental Security
10: Communications and Operations Management
11: Access Control
12: Information Systems Acquisition, Development, and Maintenance
13: Information Security Incident Management
14: Business Continuity Management
15: Compliance
Gap Assessment
Solution At-a-Glance:
Fulfill regulatory and legal requirements to perform regular risk assessments of the design of information security controls
Identify gaps in policies, procedures, and standards that could result in regulatory issues
Determine if existing governance, risk management practices, and oversight of sensitive information handling adequately protect the organization from breach or incident
Receive recommendations for continual improvement of the security program
ISO 27002 is referenced as the default standard
847.221.0200 halock.com
 
1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
 
Assessment & Compliance Services Division