Control Effectiveness Review

If you can't measure it, you can't improve it

This service gives you a fine-grained approach to assessing the efficacy of information security controls, either as a standalone review and report or as part of a formal review of an information security management system (ISMS).

How mature is your security function?

Do you have a mature security function with:

  • an effective ISMS?
  • well-formed policies?
  • mature standards?
  • a well-staffed InfoSec team?
  • strong management commitment? 
  • a current risk management (RM) framework in place?

As with any management system, it can often be difficult to have a clear picture as to how effective an ISMS of this nature actually is in operation.

  • Are your controls effectively reducing risk?
  • Are they being applied correctly?
  • Is your monitoring effective?
  • Are your metrics being reported on correctly?

We can help you assess the maturity of the controls that have been implemented

We use the CMMI model (Capability Maturity Model Integration) to provide a consistent and repeatable measure for the maturity of the controls that have been implemented.

This assessment can cover the entire organisation or focus on a specific part of it, such as:

  • vulnerability or patch management,
  • access control, or
  • logging and security event reporting.

For these engagements we work within your control framework, risk management, and treatment methodologies.

Want to know more about how our control effectiveness review solutions can help you? 

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Control Effectiveness Review solutions.

Solutions

  • Control Effectiveness Assessment

    There are a range of reasons you need to assess whether your security controls are effective.

    If you can't measure it, you can't improve it

    A prospective partner may need a level of assurance, or maybe it is to ensure compliance.

    Regardless of the reason, SSS has the broad and deep knowledge of cyber security principles required to perform the assessment.

    How can we help you?

    We test your organisation's policies, procedures, and ICT systems against your existing security control set, or we can work with you and help determine the most appropriate control set.

    Our information security consultants work with your ICT team to assess the implementation of the relevant controls. We will note discrepancies and provide a detailed accounting of their status.

    What do you get?

    • An assessment of the effectiveness of your organisation's security controls
    • Information that allows a focused and efficient approach to improving your security posture

    Want to know more about how our control effectiveness assessment service can help you? 

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our control effectiveness assessment solutions.

  • Penetration Testing

    We have partnered with ZX Security to provide you with digital penetration testing services to supplement our other capabilities.

    Penetration testing plays an important role in helping you understand application, network and perimeter-based vulnerabilities that hackers could exploit. Understanding what these gaps are is the first step towards remediation.

    We have worked with ZX Security for numerous clients and rate them as one of the best penetration testing firms in New Zealand. That is why we also use their services on our own perimeter and applications.

    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our penetration testing service.

    Our Process

    • ZX Security uses a structured approach to penetration testing which is based on the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP) Testing Guide.

    • At the conclusion of an engagement, you will receive a detailed report identifying security issues. This will include technical recommendations that are operationally focused to assist your staff in remediating the issues found.

    Focus Areas

    Some areas that we can help with, in conjunction with ZX:

    • External penetration tests
    • Internal penetration tests
    • Red team engagements
    • Web / API application penetration tests
    • Mobile application security review
    • Source code review
    • Corporate WiFi penetration tests
    • Host hardening review
    • Radio spectrum hacking
    • Cloud security review