Information Security Assessments

Integral to any Information Security Management System (ISMS)

What is a perfectly secure environment? It is one where there are no gaps in the armor of security. For an ISMS to be effective, it is immensely important to “assess” the control environment to find out any control gaps that may leave the organization at unacceptable security risk. PPS’s Information Security Assessment activities generally fall into one (or more) of the following types:

  • Design assessment activities evaluate the appropriateness of controls by comparing the control design against a) the client’s control objectives, b) industry good practice, c) laws/regulations, and/or d) the auditor’s professional judgment (e.g., an Application Architecture Review).
  • Compliance assessment activities validate that the control measures established are working as designed, consistently, continuously and flawlessly (e.g., a Password Audit).
  • Substantive assessment activities provide assurance that the “net” control objectives are being achieved, and where they are not, the assessment provides a measure of probability and business impact (e.g., a Penetration Test).
  • Shared assessment program activities follow the program created by leading accounting firms, financial institutions, and key service providers to infuse standardization, speed, consistency, efficiency and cost savings into the vendor risk assessment process.