Information Security Risk Assessments

Providing Strong Foundations for Risk-Management Decisions

Running a secure network means making good decisions. And, to make sound decisions in a world of constantly emerging threats, you must conduct regular cybersecurity risk assessments. LBMC Information Security designs its risk assessments to arm your organization with the information it needs to fully understand and effectively communicate your risks and compliance obligations. We have even developed our own customizable risk assessment software to identify, analyze, and manage your security risk in a better way.

Efficient Compliance with Multiple Frameworks

With the explosion of information security regulations, especially in the healthcare and finance arenas, organizations can easily comply themselves out of business. Achieving a successful balance of need-to-have and compliance measures and nice-to-have compliance measures requires a business-centric and integrated approach. Our team members draw on extensive experience and credentials to perform a single information security risk assessment that covers compliance with multiple frameworks and standards, such as:

  • National Institute of Standards and Technology Cyber Security Framework (NIST CSF)
  • ISO 27001 Framework
  • HIPAA Privacy & Security Rule Risk Management Standard
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Information Trust Alliance (HITRUST) Common Security Framework
  • Centers for Medicare & Medicaid Services (CMS) Acceptable Risk Safeguards
  • Section 404 of the Sarbanes-Oxley Act

People, Process, Technology

Our team includes individuals who are skilled at evaluating all three pillars of security: people, process, and technology. Our policy and process specialists perform thorough interviews and document reviews, while our technical analysts take a close look under the hood of your network. The result is a thorough and comprehensive analysis of the current state of security in your organization and a clear picture of your security posture. Our security risk assessment approach involves the following phases:

  • Reviewing documentation, including information security policies, processes, IT systems, logs, and training materials, and comparing them to leading practices outlined in relevant regulations.
  • Conducting interviews with key personnel who perform, administer, or oversee IT security and privacy functions, as well as other lines of business owners.
  • Perform vulnerability and technical assessments on a variety of automated and manual assessments, using numerous tools and methods to assess your information security system and identify areas that could pose threats to your company.
  • Prepare the current state assessment report, which compares the results of the first three phases to the relevant security framework(s).
  • Deliver your compliance scorecard and dashboard that highlights your organization’s progress toward compliance with each of its regulatory obligations and the specified security frameworks for easy reference. This document presents the information in a manner that is easily digested by business executives while also providing the details that those with security and compliance responsibilities will need to remediate any weaknesses.