Select Page

Audit/Assessment Approach

FRSecure is a full service information security consulting and management company.  If you need anything security related, from assessments to social engineering to security training to policy development etc., give our team of experts a call and find out how to get our experience working for you.

Overall Objective

Audits and assessments are generally done as projects with defined start and end dates.  Our goals going into the project:

  • Deliver what you need and want
  • Do it on time
  • Do it within budget (we’re typically fixed bid, so you don’t get surprised by excess bills)
  • Transfer knowledge (you get more value if you ask us questions, so we encourage you to do that)
  • Make sure you’re compliant (whether it’s regulatory, customer driven, or successfully completing a specific audit)
  • Deliver the best reports you’ve ever gotten
  • Give real, actionable recommendations that are appropriate to your organization, industry, size, culture, etc.
  • Help make security better, no matter what stage of development your security program is in
Process

We use a very straightforward process when managing project based assessment or audits:

  1. Kick-off call:
    • Get everyone on the same page
    • Identify security roles within your organization
    • Start collecting information (send policies, network diagrams, employee handbooks, etc)
    • Schedule information gathering sessions
  2. Information gathering
    • Dependent upon the type of project, but if we’re onsite we’re conducting interviews, running vulnerability scans, etc.
    • Penetration tests and external vulnerability assessments are performed remotely
  3. Organization, analysis and report writing
    • This is where we spend the majority of our time during the project
    • Typically this is a 2-6 week process, depending on the type of engagement
  4. Delivery
    • Go over findings with you and your team
    • If desired, deliver to leadership teams or Boards as well
  5. Next steps
    • We never want to leave our clients wondering what to do next.  We want to talk to you about what to next, and after that, and after that.
Outcome

Specific deliverables are dependent on the type of project, but in general:

  • Very happy client
  • Project was done on time and within budget
  • Deliverables have been reviewed and approved
  • Compliance has been satisfied
  • Successful audit completion if applicable
  • Leadership knows where security stands within different areas of the organization and know their security responsibilities
  • Those responsible for security have a solid security roadmap going forward
  • You view us as a security resource that you can call when you have questions
  • We’ve had some fun throughout

Contact Us Today For A Free Consultation

Contact us today and get access to FRSecure’s team of information security experts.

Contact Sales