Security & Critical Business Information Assessment
[RE]DESIGN will provide the following security assessment and consulting services with the objective of ensuring a long-term risk mitigation plan and maintaining compliance with stringent industry audit requirements. The assessment will cover the following areas that will be reviewed against industry best practices:

/01

GOVERNANCE + MANAGEMENT REVIEW

  • Policy review and compliance gap analysis
    (i.e. policies for security, asset, acceptable use, IT)

  • Risk management framework review and gap analysis

  • Exception, Incident, and Change management

/02

PHYSICAL SECURITY REVIEW

  • Procedures and process (i.e. entry & exit, visitors, evacuation)

  • External and internal security controls (i.e. building security, alarms, CCTV, lighting, guards)

  • Access control (i.e. door access, key management)

  • Environmental controls

/03

RESOURCES

  • Risk & Security team and leadership

  • Security and Digital Security Budget

  • Personnel hiring process

  • 3rd Party resources (i.e. contractors, temp agency, consultants, cleaners, etc.)

  • Technology procurement process

/04

TRAINING, AWARENESS + CULTURE

  • Training & development programs and participation

  • Policy & procedure diffusion

  • Security Awareness diffusion

/05

ASSET MANAGEMENT

  • Policy, procedural, and administrative controls for asset handling and reconciliation

  • Secure asset storage and transfer/transportation

  • Destruction policies and procedures

  • Storage systems review (i.e. NAS, SAN, backup tapes, file servers, safes)

/06

DIGITAL SECURITY REVIEW

  • General Security Processes

  • Vulnerability management

  • Encryption and key management

  • Documentation and IT asset management

  • Configuration management

  • 3rd Party access control

/07

NETWORK INFRASTRUCTURE + ARCHITECTURE

  • External and upstream networks (i.e. WAN, Corp. network, Colocation)

  • Internal network segregation

  • Firewall, IPS/IDS, ACLs, and/or UTM policy/rules review

  • Monitoring and logging

  • Wireless Network security

/08

HOST + SERVER SECURITY

  • Host management (i.e. system image, configuration, and policy management)

  • Access control (i.e. account management, password policy, lockout policy)

  • Removable media controls

  • Security controls (i.e. anti-malware, host based firewall, IDS/IPS, and monitoring)

  • Virtualization best practices

/09

MOBILE SECURITY

  • Mobile device management

  • Theft mitigation

  • BYOD policy

/10

APPLICATION SECURITY

  • Authentication & Authorization Servers (i.e. LDAP, Active Directory, SSO)

  • Web, Database, middleware security

  • Render farm security

  • Email and collaboration tool security

  • File transfer and I/O Processes (i.e. customer, internal transfers)

/11

CLOUD SECURITY

  • Platform security (i.e. AWS, Azure, Google Cloud best practices)

  • Cloud Connectivity

  • Cloud management

/12

REMOTE ACCESS SECURITY

  • Remote production network access

  • VDI systems

/13

BACK-UP, BUSINESS CONTINUITY + DISASTER RECOVERY

  • BC/DR Plans

  • Backup system review

  • Resiliency and redundancy review

/14

REVIEW + ANALYSIS

  • Interviews and shadowing staff at all levels of production and production support

  • Reviewing active running configurations on switches, routers, servers, workstations, firewalls, IDS/IPS, production workstations, CCTV/DVR systems and storage

  • Physical site walkthroughs

  • Review written policies, procedures, guidelines, manuals, documentation, etc.

  • Run network discovery tools and vulnerability scanners (time and permission allowing)

/15

REPORTING + REMEDIATION

  • Provide an Executive Summary report with results and recommendations

  • Develop and implement a corrective action plan

  • Work with appropriate teams to implement required changes and corrections

  • Review changes performed

For pricing information and to schedule your Security & Critical Business Information Assessment


The [RE]DESIGN Group
2629 Manhattan Ave, Suite 307
Hermosa Beach, CA 90254

United States

The [RE]DESIGN Group
1450 2nd Street

Santa Monica, CA 90401

United States

The [RE]DESIGN Group LTD

6 New Street Square

New Fetter Lane

London, United Kingdom, EC4A 3BF

The [RE]DESIGN Group FR

64-66 rue Des Archives

75003 Paris
France

The [RE]DESIGN Group Canada

501- 321 Water Street
Vancouver BC V6B 1B8
Canada