 |
Enterprise Security Assessments
|
|
VeriSign Enterprise Security Assessment reviews
your policies and practices - not just in your systems - to identify
vulnerabilities and risk. We provide a strategy with ranked priorities
and a roadmap with industry-standard recommendations.
|
| The Purpose | Identify security gaps. Assess policies and practices - not just systems. Weigh benefits against costs. Develop a strategy for the future. |
| Value to You | Identify consequences, not just vulnerabilities. Protect your business and reputation. Guard against relationships with at risk companies. |
| How We Work | Learn your goals and constraints. Determine where risk is highest. Identify applicable regulations and standards. Interview and review. Conduct hands-on verification. Rank findings by your goals. Provide cost benefit analyses. |
| The Results | A strategy, not just an assessment. Summaries for executives, thorough technical details for IT. Pertinent facts tailored to the groups affected. Recommendations ranked by effectiveness to your business - standards-based to give you confidence - vendor independent to give you freedom of choice. You come out smarter, not just stronger. |
| Why VeriSign | Our focus is consequences, not just risk. We help you stay competitive. Existing customers are 70 percent of our business. Our business is security, not just consulting. |
| Learn More | To talk with us about security and your business, call 650-426-5310 or submit your inquiry online.
Or, see the Global Security Consulting Services Overview. |
The Purpose
An enterprise security assessment identifies
gaps in your security. We’re careful to assess vulnerabilities in your
policies and practices - not just in your systems.
We’ve discovered that the majority of problems
we uncover aren’t just technical problems, they’re organizational problems.
We can scope our evaluation to include your entire organization - or
focus on just a discrete program. We analyze the information we collect
to:
- Help you define
your security objectives
- Recommend ways to
mitigate risk that weigh benefits against cost
- Tailor our recommendations
to your business priorities
- Develop a strategy
that evolves as threats - and
regulations - change
Back
to top
Value to You
A good risk assessment identifies not just
vulnerabilities, but the consequences to your business if your technology
or processes fail.
Revenue
Your infrastructure and your business practices enable your business
to function - and make money. We can highlight faulty security that
puts business operations (and potentially your revenue) at risk.
Reputation
Consider the value of your brand. If a security breach is serious,
your customers might lose trust - and your business could be affected
profoundly. We can help identify vulnerabilities before your reputation
suffers.
Relationships
Perhaps you partner with other businesses, outsourcing to an off-shore
operation. Or maybe you’re planning a merger or acquisition. We can
help you make sure that any relationship doesn’t increase your risk.
Back
to top
How We Work
- We learn your goals and constraints.
We meet with key
personnel to understand:
- Your business goals
- The money and staff
members you can devote to fixing security problems
- We determine where risk is highest.
Many risks are
the same for everyone - but we also identify the risks that are foremost
in your industry. We meet with key members of your team to understand
your concerns.
- If you’re a financial
institution or a healthcare company, regulatory compliance is probably
your top concern.
- If you’re a retail
company, you’re probably most concerned about credit card association
compliance and brand risk.
- If you’re an e-commerce
company, your major threat is likely to be denial-of-service attacks
that interfere with business operations (and potentially revenue).
Read Industries
We Work With to learn more about our experience in your industry.
- We identify applicable regulations and standards.
To clarify your
security objectives, we identify the government regulations and industry
standards that are applicable in your industry:
Read about Compliance
and Your Business.
- We scrutinize your security – hands on and in depth.
We examine your
company’s systems, policies, and controls. We conduct interviews. We
review documentation. We perform hands-on tests to assess your systems.
We evaluate whether you’re adhering to your own policies. We focus on
these key areas:
Technical
Security Assessments
- Technical security
controls
- Physical and environmental
controls
- Vulnerability management
- Virus protection
- Information classification
and management
Security
Policy and Program Services
- Security policies
and practices
- Risk management
and governance
- Personnel security
controls
- Security and privacy
management
- Security awareness
and training
Incident
Response and Forensics Services
Disaster
Recovery and Business Continuity Solutions
- Disaster preparedness
and business-resumption plans
- We rank our recommendations by effectiveness and cost.
We rank our recommendations
by how effectively they can advance your business goals. We also rate
each recommendation by its cost-effectiveness and by how easy it is
to implement.
How Long It Takes
An assessment can take as little as a month - if you’re a small
company or we’re evaluating a discrete program. It can take as long
as six months to evaluate your entire organization.
Back
to top
The Results
A Strategy
You get a strategy for improvement - not just a pass-or-fail
audit. We identify what you need to do immediately and your targets
for six months out. We map out a plan for one and two years out. We
also help you track changes in your plan and assess its long-term effectiveness.
Tailored Communications
We tailor our recommendations to speak clearly and effectively
to the people they affect: your CISO, your legal counsel, and your auditors,
your Finance, HR, and IT departments. We provide executive summaries
for decision makers - and the specialized details that give your technical
staff the information they need to fix the problems we uncover.
Tailored Recommendations Ranked by Cost and Effort
We rank our recommendations. We know everyone has a limited security
budget. We search for the improvements suited to achieving the business
and security objectives that you identify - and rank our recommendations
accordingly. We help you prioritize your spending: we do a cost-benefit
analysis of each recommendation and identify which are easiest and least
expensive - and will produce the most effective results.
Industry-Standard and Vendor-Independent Recommendations
Our recommendations are standards based to give you confidence
that you’re benefiting from the most up-to-date thinking in the industry.
Our recommendations are also vendor independent to give you the freedom
to implement the solution that suits you best.
You Come Out Smarter, not Just Stronger
When we’re on-site performing services, we make a point of working
with your staff to make sure they know everything we discover. We work
to help them become a better security staff - and to build better security
awareness into your organization’s culture
Back
to top
Why VeriSign
Security isn’t just about security, it’s about
your business. We focus not on vulnerabilities, but their threat to
your business. Read about Our
Approach - the foundation for all our work.
We help you stay competitive: we use our knowledge
and experience to benchmark your risk against your industry. Read Industries
We Work With to learn more about our experience in your industry.
Seventy percent of our business comes from
existing customers. We focus on our relationship with our customers.
Our goal is to be your trusted security advisor. Read about Our
Expertise.
We’re a security company with a consulting
practice, not a consulting company with a security practice. Read about The
Value of VeriSign.
Back
to top
|
Worldwide Sites
