Information Security Analysis

A key component of ITSEC Asia’s Information Security Analysis process is an Information System Security Assessment, which is a comprehensive security analysis that is often selected by client companies seeking to ensure the security of their critically important information assets.

ITSEC Asia’s comprehensive IS Security Assessment follows ISO27001/ISO27002 standards and covers both technical- and management-related aspects of Information Security Management Systems (ISMS).

An Information System Security Assessment covers the following critical areas:

  • Security Planning; Business Continuity and Disaster Recovery Planning, Incident Response Planning, Security Policy, Security SOPs and other available documentation
  • Configuration of firewalls, network routers and switches, servers, workstations, database and others
  • Security of core business applications, web-site and web-applications, e-commerce applications, domain security, security of authentication and identity management systems, security of communication systems
  • Conformance to ISO 27001 standards

The most valuable results can be achieved if an Information System Security Assessment is combined with penetration testing executed as the first stage of the project. This measured approach provides additional benefits such as increased security awareness, practical evaluation of implemented security measures and identification of impact of discovered security weakness. It also allows our consultants to understand client’s organisation better and ensures a more precise understanding of the risks involved.

ITSEC Asia’s comprehensive IS Security Assessment ensures the rapid implementation of recommended changes and allows executive management to develop a long-term strategy for improving and maintaining the security of information systems.

In the course of an Information System Security Assessment our consultants also focus on knowledge exchange cooperation with a client. Together with a project’s final report ITSEC Asia delivers a comprehensive training programme that ensures a thorough understanding of the assessment results. The IS Security Assessment findings are presented to the client in a comprehensive report, along with several presentations to executives, management and technical teams.

Each identified security weakness will include risk assessment and recommendation for risk mitigation method. For each finding ITSEC Asia also explains and rates the risks involved, provides a comprehensive explanation and rates the complexity of implementation of the prescribed recommendations.

Key client benefits of the Information System Security Assessment include:

  • Provides management with a comprehensive picture of that current condition of information security management system, which simplifies the strategy planning for ISMS
  • Prepares ground for ISO 27001 certification-related initiatives
  • ROI thanks to optimised security measures, identification of critical areas and improvement of security planning; secure information infrastructure is also more cost-effective to maintain

ITSEC Asia’s Information Security Analysis process includes:

  • Information System Security Assessments
  • Security Architecture Review
  • Vulnerability Assessment
  • BCP / DRP Assessment
  • Cloud Security Assessment