IT Risk Assessment
In today’s dynamic technology environments, organizations are exposed to many security risks that need to be mitigated by implementing the appropriate level of internal controls. These controls are critical, and have two facets: design of controls and operating effectiveness of controls. In addition, organizations are required to comply with a variety of regulations, including:
The IT Risk Assessment reviews the customer’s IT environment and identifies risks, internal controls, and gaps in controls. The Assessment then breaks down the probability and impact of individual risks, and maps those risks to various IT security frameworks, such as COBIT, NIST, and ISO 27001.
At the end of the engagement, Compass will develop a detailed written report that outlines the following:
- Compliance requirement or security control in question
- What your organization has in place compared to that compliance requirement or control objective
- A risk rating that outlines the delta between the requirement and your current control
- Clear, actionable remediation strategy to mitigate your risk
Compass IT Compliance, a leader in IT Compliance services throughout the United States, is certified as a PCI Qualified Security Assessor (QSA). Compass' expert consultants – all CISA certified auditors, network engineers and project managers – stand ready to assist you with all your organization's IT security needs.