IT Audit Services

DataGuardZ will perform an annual risk assessment of your technical environment while focusing on the organization’s business objectives. Our analysis will emphasize the evaluation of critical systems and processes that have a major impact on your business. The risk assessment results will also provide valuable information to assist management in developing, maintaining and testing an effective Business Continuity Plan, which is an essential tool in the event of a business disruption.

In addition to the annual risk assessment process, DataGuardZ will perform frequent and extensive vulnerability assessments of the following areas:

  • Firewall Security
  • Router Security
  • Web Server Security
  • Application Security
  • Wireless Security
  • Database Security
  • Telecommunication Security
  • Operating System Security
  • Password Strength
  • Desktop Security
  • Intrusion Detection Systems
  • Network Traffic Analysis

Is your organization planning to be ISO/IEC 17799:2000 and BS 7799-2:2002 certified?

These standards require that an effective continuous monitoring approach be implemented.

  • The DataGuardZ methodology is based on the BS7799/ISO17799 (Plan, Do, Check, Act) framework.
  • Organizations that adopt the C.A.M. approach are equipped with an effective security process that will lead towards ISO/IEC 17799:2000 and BS 7799-2:2002 certification.

Deliverables:

Executive Summary: This report is intended to summarize for management the audit objective and scope, testing approach and results, and the potential implications to your organization.

  • Heat Map: This is a brief document summarizing each area reviewed with its respective color-coded risk classification, giving you a visualization of your organization’s strengths and weaknesses.
  • Rating: Each area tested will be evaluated based on a risk-based formula which measures impact to the organization and likelihood of occurrence. Quantitative measurements will give management a better perspective of areas that are better controlled than others.

Detailed Technical Report: This report is intended for the IT staff to understand the risks involved with:

  • The processes and systems evaluated
  • Testing methodology and approach
  • Control deficiencies
  • A sound and cost-effective solution that will mitigate the risk to a level acceptable to the organization

Progress and Benchmark Report: This report is issued after follow-up audits of systems previously reviewed and will illustrate for management:

  • The degree of corrective action implemented to mitigate or eliminate reported risks from prior audits and assessments.
  • Differences between prior and current audit results in graphical and narrative formats.