© 2019 RSM US LLP. All rights reserved.
A holistic view of your security controls across 16 domains
Many organizations do not fully understand their security programs, and therefore may not be able to identify and address potential vulnerabilities. In addition, without a complete perspective of security efforts, companies may have trouble effectively communicating program maturity to key stakeholders, clients and vendors.
RSM’s INFOSEC assessment is an interview-based assessment, covering a wide range of security controls and helping you pinpoint areas of strength and weakness. The security assessment is particularly beneficial in baselining your current security program, benchmarking maturity against peers, planning accordingly and marking progress over time. The INFOSEC also helps you understand whether gaps stem from weaknesses in personnel, process or technology to prioritize remediation areas and properly allocate resources.
The INFOSEC assessment varies from other assessments as it provides baselines of your control maturity but does not correlate these controls to threats or vulnerabilities. A traditional risk assessment takes a deeper look into how your controls are implemented, automated, reported and documented, and whether they actively mitigate risk. Furthermore, a business process risk assessment is focused evaluation of the financial impact of threats against specific processes.
Our INFOSEC control set draws from 16 domains for securing sensitive data that is stored, processed or transmitted. The control set is modeled on the National Institute of Standards and Technology (NIST) framework, although many controls also map to various frameworks and regulations such as the Payment Card Industry Data Security Standard (PPCI DSS). Ultimately, the INFOSEC assessment provides insight into the controls recommended by your industry and governmental standards.
By identifying gaps in controls representing a particular security domain, RSM can then provide targeted recommendations for strengthening your program from a strategic and tactical perspective. No matter what shape your current security program is in, the INFOSEC assessment can help you improve your security posture.