FRSecure

Information Security Assessment

FRSecure Home

• What is an Assessment?
• Why should you do one?
• FRSecure's Approach
• Assessment Scope
• What do you get?
• What ensures success?
• Why choose FRSecure?

Standards Compliance

• ISO 17799:2005
• PCI-DSS
• HIPAA
• GLBA

About Us

• 3992 Spruce Road
  Minnetrista, MN 55375
  
  888.676.8657
  
  info@frsecure.com

FRSecure's approach, tried and true.

Our approach to information security is based upon constant education and years of professional experience. Our people have dedicated ourselves to protecting the confidentiality, integrity and availability of information assets. We have tried many different approaches over the years in many different environments and we have witnessed the things that work and those that do not. We have refined and re-refined.

Today, we have the expertise to devise and apply proven and cost-effective methods for protecting information.

So what is our approach?

On the surface, our approach to information security is simple:

1. Assess where we are at now

An assessment of value needs to take into account a vast amount of information from a variety of business units (administration, legal, compliance, human resources, IT, etc.) in order to give an accurate depiction of the "big picture", yet the assessment must also present findings in such a manner as to be digestible and actionable. An assessment is a critical component to the start and on-going maintenance of an information security program. Think of it this way; how can you start out to accomplish something if you don't know where you are starting from?

2. Decide where we need to be and when

With an FRSecure assessment in hand, many decisions can be made. Now that risks have been identified and decisions can be made as to how to treat them. Is a specific risk acceptable as is? If not, should a control be devised to address it? Should it be insured against (transferred)? Should it be ignored (bad idea)? It almost goes without saying, but care needs to be taken in decisions made at this stage. An information security program must align with the business.

3. Devise a plan to get there

At this point we know where we are and we know where we need to be. Now, we need to decide the best way for us to get there. A detailed plan of action takes shape. In order for the plan to be of real value it must be cost-effective, i.e. the dollar amount to be spent on controls needs to be less than the potential damage caused by the lack of control.

4. Execute on the plan

Careful action is taken here along with constant re-evaluation of the plan itself.

5. Maintain, monitor and evaluate

The program will only be as effective if the management of the program is effective. Maintenance, monitoring and effectiveness evaluations are all part of running the program. Annual or bi-annual third-party assessments are recommended for most organizations, depending upon the nature of your business and the information you need to protect.

FRSecure conducts a vast majority of our assessments based upon ISO 17799:2005.

What is ISO 17799:2005?

For more information, please submit:

Business Name:

Contact Name:

Email Address:

Phone Number:

Comments:

FRSecure LLC, 3992 Spruce Road, Minnetrista, MN 55387 - 888.676.8657

Copyright � 2009 FRSecure LLC All Rights Reserved.