Integral to any Information Security Management System is the process of "assessing" the control environment to understand where control gaps may be leaving the organization at unacceptable risk. Information Security Assessment activities generally fall into three categories:
- Design Assessment activities, which evaluate the appropriateness of controls by comparing the control design against the client's control objectives, industry good practice, laws/regulations, and/or the auditor's professional judgment (e.g., an Application Architecture review).
- Compliance Assessment activities, which validate that the control measures established are working as designed, consistently, and continuously (e.g., a Password Audit).
- Substantive Assessment activities, which provide the auditee with assurance that the "net" control objectives are being achieved and, where they are not, provide a measure of probability and business impact (e.g., a penetration test).
Our services pages speak to many (but not all) of the information security assessment activities you may consider to achieve your objectives.
If we can be of assistance in determining the optimal combination of activities to achieve your objectives, please call 888-PivotPoint and ask to speak with our Practice Area Manager, or send us an email.