Compliance as a Service

• Home
• About Us
• The Process
• Solutions
• Skills Transfer
• Resource Center
• Current News
• Testimonial
• Contact Us

Security Assessment

The first step in creating an effective data security policy, is to identify all risks.

Effective Data Security starts with a security assessment. In order to be able to advise on corrective action and put a proper data security policy in place, VigiTrust must first carry out a thorough security assessment. The assessment covers two main areas: Technical and Non-Technical.

Technical Security Assessment

The aim is to identify actual or potential security vulnerabilities in IT infrastructure. Such an assessment starts with detailing all IT infrastructure and data classification, and then moves on to actively testing for vulnerabilities. The activities involved in searching for vulnerabilities include but are not limited to:

• Network penetration/ethical hacking
• Secure Code review
• Network Scanning
• Application Version identification

Non-Technical Security Assessment

The aim of a non-technical security assessment is to identify actual or potential security vulnerabilities which exclude IT infrastructure. Such an assessment includes but is not limited to the following:

• Staff Survey to ascertain awareness level vise vie data security
• Social engineering dry runs
• Physical Security analysis
• Evaluation of policies & procedures.

Data Standards Covered

VigiTrust have developed security assessments which are specific to the following data standards:

• PCI DSS
• ISO 27001
• Sarbanes Oxley

In addition, VigiTrust has developed a general security assessment which is not standard specific, and is based on best practice from a multiple of standards and based on VigiTrust's extensive experience.

• Legal Privacy
• Legal Terms
• Resources