Overview
This service has been developed for organisations whose IT infrastructure (particularly business servers) needs to comply with regulatory standards such as ISO27001, PCI DSS or other standards, but which lack either the requisite knowledge or sufficient resources (or both) to achieve such compliance.

Using the market-leading Assuria Auditor software package, in use in more than 375 major organisations worldwide, this service will deliver an initial assessment of the current state of up to 3 representative sample servers in relation to the required standard, providing a clear understanding of the current level of compliance of the sample systems and a good appreciation of the likely effort required to achieve full compliance.
Deliverables
The ITSec CSS service provides the following deliverables:
- A management summary report indicating the current level of compliance to the required standard of the target systems;
- A detailed report for each system showing each area of non-compliance, the implications of the non-compliance and a clear English language description of how to correct them;
- The report will also highlight general areas of poor security practice and known vulnerabilities discovered;
- A senior management presentation on the outcome of the service and suggested next steps.
Dependencies
The ITSec CSS service is applied to fully operational systems and does not require target systems to be shut down or for normal operations to be affected. The service does require the following:
- System administrator assistance for installation of a small software agent on the target systems;
- Server access via a desktop or laptop system (can be an existing Sysadmin PC or a laptop provided by the Assuria Consultant);
- Access to responsible system/security administration personnel;
- Access to IT management for presentation of findings.
Duration
Duration is 3 days elapsed (2 on site).