The SMP Solution & Methodology
- Assessment of the existing information security policies
- Review of how critical data is protected on a day-to-day, incident response, and disaster recovery/business continuity basis
- Review of the safeguards your organization has in place as they relate to IT security and regulatory compliance
- Infrastructure assessment to review network design, security device configuration and deployment; and physical security/environmental conditions
- Via interviews and observation, confirmation that policies and controls are in place as documented
- Through vulnerability and penetration testing of the external perimeter security, validation that controls are in place and working as represented to our consultants
- Tests of internal controls to determine if they protect valuable information and meet stated goals of organizational policies, "essential practices" and regulatory compliance
- Testing of each system and application within the scope of the engagement for vulnerabilities and unauthorized access
- Review and comparison of all findings to current policies
- Each specified vulnerability rated, documented, and an appropriate solution provided
- Gaps identified, regulatory compliance assessed, possible improvements proposed, and remediation efforts outlined.
- A report is prepared for presentation to your organization.