The Security Risk Survey is a set of technical audit and assessments of processes that aims to identify in a short period of time, the exposures of critical information assets, from the confidentiality, availability and integrity aspects.
Researches show clearly that as an organization adopts a pro-active approach through prevention activities (such as risk surveys, regulatory compliance, monitoring and alarm systems, etc.) so the likelihood of exposure and breach decreases.
The focus of the risk survey determined according to the need of the organization. Here are some examples of common types of risk assessments:
- Data leakage risk survey (focused on the type of information critical to the organization)
- Risk survey based on the PCI-DSS standard requirements
- SOX (Sarbanes-Oxley) and iSOX risk survey
- Risk survey for internal audit needs
- Risk survey based on the ISO 27001 standard requirements
- Supervisor of Banks (357) and supervisor of the Capital Market, Savings and Insurance (257) risk surveys.
- Comprehensive risk survey of the organizational IT infrastructure
- Risk survey of system which has been defined as critical to the organization
Since its establishment in 2005, IPV Security has carried out risk surveys and security assessments in more than 200 companies and organizations, mostly in Israel.
The risk surveys are adapted ('tailor-made') for each organization, based on its size, geographical deployment, industry type, regulatory requirements and so on, and are conducted by information security experts ("Ethical Hackers") on the basis of a unique methodology developed by the company.
This methodology combines:
- Security audits and assessments, applying both Black Box and White Box approaches.
- Interviews with key officials in order to map the information assets and identify security exposures and vulnerabilities.
- Reviewing information security procedures and their implementation within the framework of the organizational business processes.
At the end of each survey, a concise report, containing the current status of the administrative situation as well as details of all findings, conclusions and prioritized recommendations to correct the different exposures and vulnerabilities, is served.
To receive a case study example and/or schedule a meeting with an information security expert, contact us.