How good is your security program?
All companies face security risks. Sometimes these are physical risks like the possibility of a burst pipe in your data center, but most security risks involve your critical information. You need to stay one step ahead to protect your company or organization, its brand, data and reputation. Without knowing where you are before an attack, you can’t be sure you are ready to defend your organization.
HP Risk Management and Compliance Services evaluate your company’s current status and uncover ways to better protect your shareholders and your customers. They do so through:
- Identifying vulnerabilities and threats and quantifying and managing risk
- Defining appropriate security controls and governance
- Supporting compliance requirements
- Training personnel in security awareness
Through understanding where you stand and through strong governance processes, you can close vulnerabilities and protect well your organization.
How mature are your controls?
Protect your revenue and reputation and avoid fines or criminal liability imposed by regulations like Sarbanes-Oxley, HIPAA or PCI DSS. With HP Risk Management and Compliance Services you can manage risks and costs. Business operates with a certain amount of risk—without it business doesn’t move forward—but you can manage the risk in your environment.
Using our comprehensive ITIL-based Information Security Service Management (ISSM) reference model, we look at your total environment and controls. By examining the whole environment, you gain a broader perspective of your needs and may be able to cut costs or redirect spending to the areas of greatest need.
- Information Security Risk Assessment—Assess your risk based on the controls defined in ISO 27002. We identify threats and vulnerabilities, and we identify and define controls across your business unit or company. We measure and document your environment to assess your current standing.
- Control System Maturity Assessment—Get a comprehensive assessment of your organization’s current security safeguards. Includes a gap analysis between your current state on one side and on the other side, the ISO 27001/27002 standards and all relevant compliance mandates. We specialize in analyzing the maturity of your controls to find out how well they are protecting your environment.
Point Security Assessment and Certificate Services
We analyze your controls for compliance with a specific mandate. We develop recommendations on dealing with gaps, and we identify unmet requirements.
- Database Security Healthcheck
- DIACAP Certification and Accreditation (defense industry)
- Document Capture and Security Assessment
- FISMA Assessment (US federal government)
- HIPAA Assessment
- ISO 27001 Readiness Assessment
- NERC CIP Assessment (electrical utilities)
- NIST SP 800-37 Certification and Accreditation (U.S. federal civilian agencies)
- PCI DSS Pre-Assessment
- SCADA/Process Control System Security Assessment
Account Security Governance Services
For IT outsourcing clients, this service provides an assigned HP account security officer as a single point of contact and coordination for all your security and compliance related issues. He or she works with you to improve your security controls and policies.
Security Training and Awareness
We develop an on-going security awareness program for your personnel by training them on important security practices. The program is carefully monitored and measured to show improvement over time. People are too often the weakest link of a security program and security awareness training in your company can significantly reduce your vulnerabilities.
Information Security Continuance Plan
We help your company develop an ongoing security plan using our ISSM reference model to meet the controls defined in ISO 27001. We show you how mature your environment is and how your maturity has improved over time. Our experts provide positive reinforcement for business and IT personnel so they can continue to improve your company.