Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, FDIC, OCC, OTS) require an organization to conduct independent 3rd-party testing of the Information Security Program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). An Information Security Program must include safeguards designed to protect against both technical and human vulnerabilities.

Because the security program incorporates more than just the network, Best Practice guidelines suggest testing should include more than a simple network vulnerability scan. The recommended Best Practices methodology is a Security Assessment that incorporates testing of both the technical and the human (people-related) vulnerabilities of the information security program.

Solution Overview

Our Comprehensive Security Assessment was designed specifically to meet the regulatory requirements and address the needs of organizations of all sizes. The assessment provides a thorough examination of your networks to determine the adequacy of existing security controls and to identify security deficiencies.

The assessment process is managed through TraceSecurity Compliance Manager (5.0), a web-based portal designed to provide convenient access to a variety of tools used to continuously assess the three core components of an information security program: People, Processes, and Technology.
