It is essential that an organisation has
a good awareness of its computer security status. Without
a good understanding of its position, the business may be
running unacceptable risks.
A computer security review will examine
your business and your information systems to give you an
accurate picture of your security status.
What is the Difference Between a Computer Security Review and a Computer Security Risk Analysis?
A computer security risk
analysis is the process of evaluating the business need
for security, determining the appropriate levels of computer
security controls and checking to see if they have been met.
A computer security
review is the process of examining computer security controls
against a fixed standard such as a set of computer security
standards. A computer security review would be performed in
a situation where:
- Risks have already been evaluated, the
appropriate levels of computer security controls determined,
and the requirement is to check whether controls are still
at the appropriate level; or
- A computer security controls improvement
project has been completed, and the requirement is to check
whether controls have reached the appropriate level.
What Does a Consultant Examine in a Computer Security Review?
In a full computer security review, we would
expect to examine the following areas of computer security:
- Computer security policy
- Computer security organisation
- Information asset classification and control
- Human Resources (personnel) security
- Physical and environmental security
- Computer and network management
- System access control
- Application systems security
- Business continuity planning (BCP)
- Legal and regulatory compliance
- Computer security incident response capability
Get more information on computer security reviews - Contact Us!