Control Effectiveness Review
This service provides you with a fine-grained approach to assessing the efficacy of information security controls, either as a standalone review and report or as part of a formal review of an ISMS.
Do you have a mature security function with an effective information security management system (ISMS), well-formed policies, mature standards, a well-staffed InfoSec team, strong management commitment and a current risk management (RM) framework in place? As with any management system, it can often be difficult to get a clear picture of how effective an ISMS of this nature actually is in operation. Are controls effectively reducing risk? Are they being applied correctly? Is monitoring effective, and are metrics being reported on correctly?
We use the CMMI model (Capability Maturity Model Integration) to provide a consistent and repeatable measure of the maturity of the controls that have been implemented. This assessment can focus on a specific part of an organisation, such as vulnerability or patch management, access control, or logging and security event reporting, or it can cover the entire organisation. For these engagements we work within your control framework and your risk management and treatment methodologies.