At Protecting business assets is critical to success of any enterprise, public or private. Information assets are vital to the operation and business has an obligation to its stakeholders to protect these assets. The security of your information assets is not a job that should be entrusted to personnel without a track record of proven reliability. PCG offers the senior technical consultants who understand information security and have the experience to safeguard your information assets.

 

The first step towards protecting those assets is the completion of a comprehensive risk assessment. The objective of the risk assessment is to determine the current state of your security situation and to identify potential exposures to the business and its assets.

 

Once you are aware of the business risks, controls can be developed to mitigate the risks and processes can be established to monitor and manage those controls. Information security is achieved by implementing a suitable set of controls, which includes policies, practices, procedures, organizational structures, hardware, and software. These controls ensure that information security preserves:

  • Confidentiality - ensuring that information is accessible only to authorized users,
  • Integrity - safeguarding the accuracy and completeness of information and processing methods, and
  • Availability - ensuring that authorized users can access information and associated computing assets when required.

Information security policies are the basis of an effective Information Security Management program. Without information security policies, users do not know their responsibilities regarding the protection of information assets and the IT organization cannot provide consistent and adequate information security implementations. PCG is experienced at developing security policy for your business or we can assess the existing security policy. We base our policy assessments on accepted industry standards from organizations such as the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST). Effective security policy should address the following topics:

  • Security Policy Statement
  • Security Organization
  • Information Asset Classification and Control
  • Personnel Security
  • Issue-Specific Operations Policy
  • System Development and Maintenance
  • Business Continuity Planning
  • Incident Response and Management
  • Compliance and Governance

In addition to risk assessments and security policy development and review, PCG offers security assessment and planning services for specific infrastructure and application components, such as networks, platforms, applications and data center facilities. In the area of healthcare related systems, PCG also offers HIPAA Security Rule compliance assessments.

More Information

For more information about PCG Technology Consulting's Security Planning and Assessment services please contact us at info@publicconsultinggroup.com or 1-800-210-6113.