In this service, SPS cybersecurity assessment consultants conduct and document a formal Security Risk I Vulnerability Assessment for Information Security Assets (IT and OT) with a view of identifying, estimating and prioritizing risks to which your organization’s operations are exposed due to information security vulnerabilities. The control testing is based on the controls specified by our clients.
Our risk and vulnerability assessment includes the following :
Current and detailed description of your organizations\'s business and technological environment and existing security measures in place including identification of location, systems and methods for maintaining information;
Identification of information and the information systems to be protected specifically;
Classification and ranking (high, medium, low) of the sensitive systems, applications in order of their importance and based on the assessment of threats and vulnerabilities or risk assessment;
Assessment of potential threats and vulnerabilities to security and integrity of data, information systems and applications;
An evaluation of existing Security Controls\' effectiveness against each threat and vulnerability
Security and contractual responsibilities of Service Providers (SPs), including customers who have access to the licensee\'s systems and data;
Compliance, concentration, operational, country and legal risks shall be assessed by the licensees before entering into the contract, while managing information security outsourcing arrangements with the SPs;
The Security Risk / Vulnerability Assessment shall be carried out at least once a year; however, in case of a major security breach, significant changes to the infrastructure and introduction of a new product or service, an immediate review of risk assessment shall be carried out. Further, in case of a major security breach, risk assessment review shall include a detailed analysis of the factors that cause such security breaches.