The SecurIT360 method

Our Audits are tailored to meet each client’s needs.  If you are a law firm dealing with hospitals you don’t need an audit designed for financial institutions, just like a bank doesn’t need an audit designed for HIPAA regulations.

We have experts with a wide range of skills and experience in a number of different industries, and will tailor our audit to meet your particular needs.  Our audits can be as small as auditing the security configuration of a firewall to a full blown audit of your organization’s security posture.  We can also customize an audit to focus on a particular department or even help your organization determine what it needs to bridge the gap to becoming compliant.

Other clients have mentioned they appreciate the 360º approach we offer.  In simple language, here’s how it works:

  • Understand The Business

    Some IT security requirements are well understood and fairly universal.  For example, require difficult passwords and change them regularly.  However, the implementation of any security control needs to be assessed within the context of the operating environment.  Additionally, security controls can change the way that a business operates, and should be designed in a way that does not impede business functions.  Therefore, it is essential that we start at the top and understand the business and its processes to formulate a solid security strategy that fits the organization.

  • Assess current security measures

    You would be correct to assume that Security Audits cover all of the bits, bytes, servers, and other things in your computer rooms.  However, security is not just a job for IT.  Our audits are very thorough.  We audit physical security, human resources, and other areas of business operations to insure that you have a 360° view of your risks.

  • Compare findings to best practices and industry security standards

    We set high standards.  In corporate America; Firms, credit unions, credit card processors, and similar institutions are the most heavily regulated and have some of the highest security standards.  Therefore, we base our security audits on these high standards and then tailor the audit to the client’s environment.  Even though you may not be subject to many security requirements at this time, setting a high standard offers the business better protection.

  • Apply our experience

    Now that we have gathered the necessary information and checked it against best-practices, we apply our first-hand knowledge to help you understand what the risks are in business language – not geek speak.  This helps us prioritize our efforts for a security program implementation that fits with the business.

  • Devise a Plan to address the issues

    Now that we have an accurate picture of where we stand and the challenges ahead of us, we work with our clients to determine the options available and the best way to proceed.  We believe that our clients should take ownership of these serious business issues and we want to empower them with a plan of attack.

Ten Domains of Information Security

Our 360 degree audit covers ten domains of cyber security.  This means that we are not just looking at IT, but at the business as a whole to measure the security of the information in your organization as a whole.  Security involves more than what is typically considered ‘IT’.  The it360 X-ray is one of the outputs of a Security Audit; many of your important decisions will be affected by it as you gauge, diagnose, and implement a security program.

  • Risk Assessment
  • IT Ops
  • Organizational Security
  • System Changes
  • Policy
  • Privacy/Compliance
  • Recovery
  • Physical
  • Access Control
  • HR