Security, Compliance and Risk Assessment

Now that it has moved to milestone 1 of the prioritized approach for PCI DSS, a Risk Assessment is at the forefront of urgent tasks that require completion if you are to stay ahead of the game. 2-sec are specialists in Risk and combine our Risk Assessment with a review of Security and Compliance, addressing both PCI DSS v2.0 controls 12.1.2 and 12.1.3.

The Risk, Security and Compliance Assessment consists of a series of workshops and report output.  We work with you to understand why processes have evolved in certain ways and look to find solutions to reduce the scope of your exposure, thus lessening the overall cost and burden of regulatory compliance.  We will assess:

Risk Assessment
  • Financial, reputational and regulatory risk of exposure to data loss
  • Comparative risk to organisations of a similar operation
  • Risk assessment and risk profile of third parties
  • Alignment with security best practice and protection against known threats
  • Protection against emerging threats (e.g. social networking, crimeware, advanced persistent threats)
  • Scope of exposure to regulations such as the Data Protection Act, Financial Services Authority and Payment Card Industry Data Security Standard, by taking a data-centric approach, analysing data flows, repositories, people, processes and third parties to ensure that your security program has a solid grounding.
  • Where your data is and why it needs protecting
  • Risk Assessment in line with PCI DSS Control 12.1.2
  • Existing Risk Registers

We provide a report to serve as a baseline for your project moving forward, or to enable you to de-scope, re-architect and reduce exposure before proceeding.

Please call us today and we will show you how we can help.