Under the fast changing conditions within the Enterprise, risk management is an increasingly important tool in corporate management strategies.
Risk Assessment, the most important part of risk management, provides a detailed articulation of the risks associated with the information assets and supporting IT&C resources at risk, threats that could adversely impact those assets and vulnerabilities that could allow those threats to occur with greater frequency or impact. INNOVA Information security consultants follow proven methodologies to deliver effective Risk & Vulnerability assessments. Our primary goal is to identify all vulnerabilities and focus to areas where a compromise will have the greatest impact and create the highest risk to the Organization.
Innova’s offering regarding Information Security Risk Assessment is comprised of the following scalable set of services:
Enterprise Risk Assessment
A high-level risk assessment considers the business values of the information systems and the information handled, and the risks from the organization's business point of view.
This is a cost effective service which concentrates more on the business and operational environment than technological components. It also provides a way of benchmarking the effectiveness of information security across the organization and it will identify the weak areas so these can be revisited with a more intensive analysis.
Enterprise Risk & Vulnerability Assessment
This is a detailed information security risk assessment service involves in-depth identification and evaluation of assets, the assessment of threats to those assets, and assessment of vulnerabilities. The results from these activities are then used to assess the risks and then identify justified security controls.
The value offered by the detailed information security risk assessment is the assessment of the overall risks of the Organization. The overall assessment of the risks is a combination of the potential adverse business consequences of unwanted incidents, and the level of assessed threats and vulnerabilities.
................................................................................................................................................................................................
Risk Assessment Deliverables
Information Assets Registry
Business Impact Analysis
Risk Assessment Report
Executive Summary - Presentation
................................................................................................................................................................................................
Technical Infrastructure-Specific risk assessment
Technical Risk & Vulnerability assessments targeting specific technical infrastructures defined by the Organization e.g. Network security assessment, email, internet infrastructure, ISMS assessment, GSM/GPRS/3G assessment etc.
Security today is a fast growing issue for telecommunication carriers and service providers. In particular, operators are concerned with protecting their network infrastructure as well as being compliant with legal & statutory requirements. There are clearly many vulnerable points in the operators’ network today. Each of these points has its own unique characteristics and demands.
INNOVA provides information security risk assessment services targeting carriers & operators core network infrastructures i.e. GSM/GPRS/3G. In the context of the assessment we assess the security risks related to the Access, Transmission, Switching & Management (both element & network layer) infrastructures. Furthermore, risks related to the interfaces among the components of each infrastructure as well as the network used for intercommunication is included in the assessment.
Penetration Testing
The penetration tests target systems (e.g., firewalls, routers and servers) that can be reached from the Internet. It provides an analysis of the potential vulnerabilities that could be exploited by attackers over the Internet. INNOVA Information Security consultants will perform a focused penetration test (network scanning & manual testing) on your infrastructure that will provide a true real-world examination of the security baseline of your business critical systems and applications. INNOVA offers three (3) alternative options for penetration testing, each of them differentiate at the level of manual exploitation of the defined vulnerabilities.
................................................................................................................................................................................................
Penetration Testing Deliverables
Executive summary
Methodology overview
Penetration scenarios
Vulnerabilities & recommendations
Implementation action plan
................................................................................................................................................................................................
Regulations Compliance Assessment
Regulatory compliance is of extremely high importance for the majority of the organizations. INNOVA consultants assess the Organization for compliance against specific regulations, eg. ΑΔΑΕ (Hellenic Authority for the Information and Communication Security & Privacy), Bank of Greece, Sarbanes-Oxley Act (SOX). This is an effective way to demonstrate compliance with regulation & industry standards.
Vulnerabilities Alerting
INNOVA offers annual subscription to vulnerabilities Database & alerting service.
Benefits for the Customer
Identification of Security Threats & Vulnerabilities regarding Corporate information
Risk Evaluation & Business Impact
Specification of the appropriate Mitigation Controls
................................................................................................................................................................................................
